TV5Monde General Director reveals more details

Oct 10, 2016 21:10 GMT

A cyber-attack that took place on April 8, 2015, could have wiped out TV5Monde's entire infrastructure, according to Yves Bigot, TV5Monde General Director.

Eighteen months after the attack took place, Bigot revealed new details about the incident to a fellow TV station, Britain's BBC.

Bigot says the attackers compromised the TV station in January 2015, but they lay hidden and collected data about the network's mode of operation and internal structure.

TV5Monde was the target of a very sophisticated attack

He says the attackers collected data about how the TV station operated and its hardware equipment. They then created malware specific to each action they wanted to take, and they deployed it all at once, on the night TV5Monde had launched its twelfth TV channel.

When the malware sprang into action, it started deleting data and sabotaging critical hardware, such as the encoder systems used to transmit programs to TV-broadcasting satellites.

In a matter of minutes, eleven of twelve TV5Monde channels had gone off-air, with engineers scrambling to discover the problem.

One employee saved the company

The attack would have been much worse, with far graver consequences, if a technician hadn't identified the malware-infected equipment and disconnected it from the company's network, isolating the attack.

Bigot says the employee literally saved the company, which would have needed much more than 8-9 hours to restore its affected TV stations.

Bigot believes that an extended downtime would have bankrupted the TV station, which would have lost crucial broadcasting contracts.

ISIS claims cyber-attack, but the hack is way out of their league

Even if the attack was claimed on Facebook by someone posing as an ISIS militant and member of the Cyber Caliphate hacking division, authorities told Bigot not to attribute the attack to ISIS, revealing that somebody much more advanced was behind the incident.

A French newspaper that investigated the hack together with Trend Micro claimed in June 2015 that the attack had the hallmark signs of APT28, a cyber-espionage group operating from within Russia's borders.

Despite the accusations, it didn't make any sense for Russia's hidden cyber-operations group to target TV5Monde. Bigot had a hard time believing the theory himself, but the BBC claims that this could very well have been just a test of cyber-weapons before a more serious attack.

Attackers targeted TV5Monde's suppliers

A later investigation revealed the complexity of the attack, with the hackers targeting a Dutch company just because they wanted to learn more about the remote-controlled cameras used in TV5's studios.

The attack doesn't fit the mold of other Cyber Caliphate attacks, which were mere website defacements that never involved the creation and deployment of custom malware.

While the Russian connection and subsequent motives aren't as clear as in other APT28 attacks, it is more than certain that this was the work of a cyber-espionage actor with experience in carrying out multi-stage attacks.

APT28 is a convenient suspect, but the lack of evidence still warrants more investigative efforts into uncovering the true source of the attacks.