Paris (AFP)

The French groups Thales and Israel Verint released Monday a global directory of groups of hackers most threatening, where stand out especially state or parastatal groups.

Of the 66 groups of high-level attackers in this Who's Who of Cybercrime, 49% are considered to be state-born or state-sponsored.

These groups usually act for purposes of cyber espionage, political destabilization, or sabotage.

In the rest of the groups, 26% are "hacktivists", activists motivated by community, religious and political ideologies.

20% are cybercriminals, motivated by greed, 5% of cyberterrorists.

Among the most dangerous groups in terms of sophistication of their tools, Russian groups dominate (4 in the top 10), followed by Chinese groups (3 out of 10).

Some groups such as Russian or Chinese groups sometimes seem to "make a name for themselves, to display their level of competence," Ivan Fonterensky, one of the team behind the report, told reporters.

"Some time ago, boats were compromised off Indonesia," he said. The investigations showed that a Chinese group had purposely pushed malware on the ships, "to be detected and know they were present," he added.

- Discretion of American groups -

Conversely, American groups remain extremely discreet, and very little information could be collected.

In the first 10 groups of the ranking, there is also a Vietnamese group, an Iranian group ... and a French group, called Animal Farm or ATK 08, whose report suggests that it is undoubtedly linked to the French State .

This group "active since at least 2009" uses "advanced techniques but does not seem motivated by financial gains". He is known for his "high quality" malware, whose tools have been used against various organizations "including Syria, Iran and Malaysia".

The privileged targets of the 66 groups listed over the last ten years are government and defense (nearly half of the attacks), finance (more than a third), energy (about 10%).

Attacks against the media and the medical (hospitals) and pharmaceutical sectors have increased "particularly significantly" in recent months.

On the Thales side, the report was produced by the Threat Technical Analysis Team, a cyber intelligence cell.

The mission of this cell of a dozen people is to feed information information protection tools sold by Thales.

© 2019 AFP