French postal and banking services faced fresh disruptions on Thursday, January 1, 2026, following a cyberattack that temporarily rendered the websites and mobile applications of La Poste and La Banque Postale largely inaccessible, according to reports from French radio RFI.  A message on the La Poste homepage confirmed the situation, stating: “The laposte.fr website and all of La Poste’s information systems are currently facing a cyberattack.” Similarly, the online and mobile banking platforms of La Banque Postale, the post office’s banking arm, experienced downtime, preventing many customers from accessing services. 

Repeated Denial-of-Service Attack on La Poste and La Banque Postale 

This incident follows a previous denial-of-service (DDoS) attack that began on December 22, 2025, and continued until December 26. The earlier attack, which overloads servers to slow or block access, disrupted customers’ ability to track parcels but did not affect deliveries, which continued as normal.  Authorities confirmed that the pro-Russian hacker group NoName057(16) claimed responsibility for the December attack. La Poste filed a formal complaint, emphasizing that no customer data had been compromised, as denial-of-service attacks do not constitute unauthorized intrusion into information systems. 

Investigations and Security Response 

The Paris prosecutor’s office has opened an investigation into the latest La Poste cyberattack, delegating the case to the General Directorate for Internal Security (DGSI) and the national cyber unit. Authorities confirmed that the hacker group NoName057(16) had publicly claimed responsibility for the disruption.  The group, which emerged in 2022 after Russia invaded Ukraine, has previously targeted Ukrainian media, as well as government and corporate websites in countries including Poland, Sweden, and Germany.

Operational Impacts 

During both attacks, digital access to La Poste services was limited, forcing some post offices to operate at reduced capacity. Despite the disruptions, customers were able to carry out essential postal services and banking transactions at physical locations.  La Poste communicated via Twitter that its teams were “fully mobilized to restore services as quickly as possible,” emphasizing that parcel deliveries continued and remediation efforts were ongoing.  Meanwhile, La Banque Postale acknowledged the cyberattack on social media, explaining: “A computer incident has temporarily made our mobile app and online banking inaccessible. Our teams are working to resolve the situation as quickly as possible. Online payments are possible with SMS authentication.”   Card payments at in-store terminals, ATM withdrawals, and SMS-authenticated online transactions remained functional, mitigating the overall impact on day-to-day financial activity. 

Context of Cyber Incidents in France 

The La Poste cyberattack comes amid a series of recent cyber incidents affecting public institutions in France. On December 17, 2025, authorities arrested a 22-year-old man in connection with a breach of France’s Interior Ministry, which involved unauthorized access to email accounts and confidential documents. The suspect faces potential prison time of up to 10 years.  Earlier, in November 2025, the French Football Federation reported a breach in which attackers exploited stolen credentials to access membership management software, exposing personal data of registered players nationwide.  While La Poste has not publicly attributed the latest cyberattack to a specific threat actor, the recurring incidents highlight the growing challenge of protecting critical public and financial infrastructure in France from denial-of-service attacks and other cyber threats.  The attacks on La Poste and La Banque Postale highlight the vulnerability of postal and banking services to cyberattacks. No customer data was compromised, but online and mobile services were disrupted. Authorities, including the DGSI, are investigating, while both organizations work to restore full digital access. Customers should follow official channels for service updates. 

The U.S. Department of Justice has unveiled a series of actions against two Russian state-supported cyber collectives, CARR (also known as CyberArmyofRussia_Reborn or CyberArmyofRussia) and NoName057(16), with prosecutors unsealing dual indictments against Ukrainian national Victoria Eduardovna Dubranova, 33. Dubranova, known online as “Vika,” “Tory,” and “SovaSonya,” is accused of participating in destructive campaigns against critical infrastructure worldwide on behalf of Russian geopolitical objectives.  Dubranova was extradited to the United States earlier in 2025 on charges tied to CARR, and she has now been arraigned on a second indictment connected to NoName057(16). She pleaded not guilty in both proceedings. Trial in the NoName057(16) case is scheduled for February 3, 2026, while the CARR case is set for April 7, 2026. 

Russian Government Involvement 

According to prosecutors, both CARR and NoName057(16) operated with direct or indirect support from Moscow. CARR allegedly received Russian government funding used to acquire cyber tools, including subscriptions to DDoS-for-hire services. NoName057(16) was described as a covert, state-blessed endeavor tied to the Center for the Study and Network Monitoring of the Youth Environment (CISM), an IT organization established in 2018 by presidential order in Russia. Employees of that organization reportedly helped build NoName057(16)’s proprietary DDoS software, known as DDoSia.  [caption id="" align="alignnone" width="2048"] Notification of CARR and Z-Pentest Hackers (Source: Rewards for Justice)[/caption] Assistant Attorney General for National Security John A. Eisenberg said the enforcement effort demonstrates the Department’s commitment “to disrupting malicious Russian cyber activity, whether conducted directly by state actors or their criminal proxies,” emphasizing the need to defend key resources such as food and water systems.  First Assistant U.S. Attorney Bill Essayli warned that state-aligned hacktivist groups, including CARR and NoName057(16), pose serious national security concerns because they enable foreign intelligence services to obscure their involvement by using civilian proxies.  FBI Cyber Division Assistant Director Brett Leatherman stated that the Bureau will continue exposing and pursuing pro-Russia actors, including those with ties to the GRU. EPA Acting Assistant Administrator Craig Pritzlaff added that targeting water systems presents immediate hazards, pledging continued pursuit of individuals who threaten public resources. 

Cyber Army of Russia Reborn (CARR / CyberArmyofRussia) 

According to the indictments, CARR, also known as Z-Pentest and linked to CyberArmyofRussia, was created, funded, and directed by Russia’s GRU. The group has claimed responsibility for hundreds of global cyberattacks, including intrusions into U.S. critical infrastructure. CARR regularly published evidence of its operations on Telegram, where it amassed more than 75,000 followers and reportedly consisted of over 100 members, some of whom were juveniles.  The group allegedly targeted industrial control systems and carried out widespread DDoS attacks. Victims included public drinking water systems in multiple U.S. states, where operational disruptions led to the release of hundreds of thousands of gallons of drinking water. In November 2024, CARR allegedly attacked a meat processing plant in Los Angeles, causing thousands of pounds of meat to spoil and triggering an ammonia leak. The group also targeted election infrastructure and websites linked to nuclear regulatory bodies.  A figure known as “Cyber_1ce_Killer,” associated with at least one GRU officer, allegedly advised CARR on target selection and financed access to cybercriminal services. Dubranova faces charges including conspiracy to damage protected computers, tampering with public water systems, damaging protected computers, access device fraud, and aggravated identity theft. The statutory maximum penalty is 27 years in federal prison. 

NoName057(16) 

The indictment describes NoName057(16) as a clandestine project involving CISM personnel and external cyber actors. The group conducted hundreds of DDoS attacks in support of Russian interests, using its proprietary tool DDoSia. Participants worldwide were encouraged to run DDoSia, with rankings published on Telegram and cryptocurrency rewards doled out to top performers.  Targets included government agencies, ports, rail systems, financial institutions, and other high-value operations. For Dubranova, the NoName057(16) indictment carries a single charge of conspiracy to damage protected computers, with a maximum penalty of five years.  The law enforcement actions form part of Operation Red Circus, with coordination from Europol’s Operation Eastwood. In July 2025, investigators across 19 countries disrupted more than 100 servers linked to NoName057(16). Authorities also arrested two members outside Russia, announced charges against five individuals, and conducted searches of two service providers and 22 group members. The FBI also suspended the group’s primary X account. 

Rewards and Prior Sanctions 

The State Department simultaneously announced rewards of up to $2 million for information on CARR / CyberArmyofRussia members and up to $10 million for intelligence on NoName057(16) actors. A Joint Cybersecurity Advisory released by multiple U.S. agencies warned that Russian-aligned hacktivist groups exploit insecure VNC connections to access critical operational technology devices, a tactic linked to physical damage in several incidents.  Federal action against CARR is longstanding. On July 19, 2024, the Treasury Department sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko for cyber operations targeting U.S. infrastructure. Degtyarenko was accused of accessing a SCADA system belonging to a U.S. energy company and developing training materials on exploiting similar systems.  CARR’s attacks escalated in late 2023 and throughout 2024, including manipulations of unsecured industrial systems across water, hydroelectric, wastewater, and energy facilities in the U.S. and Europe. Water utilities in Indiana, New Jersey, and Texas were among the affected sites, with one town forced into manual operations. In January 2024, CARR published a video showing interference with human-machine interfaces at a U.S. water utility.