Cyber Retaliation Unleashed After Telegram Founder’s Arrest: French Organizations Under Siege

Breached Company

Breached Company

4 min read
Cyber Retaliation Unleashed After Telegram Founder’s Arrest: French Organizations Under Siege
Photo by Daniel Roe / Unsplash

#France - Threat Actors Retaliate After Durov’s Arrest

Pavel Durov, the founder of Telegram
Pavel Durov, the founder of Telegram, has recently been arrested in France as part of an investigation into alleged criminal activities on the Telegram platform and a lack of cooperation with law enforcement. Despite his arrest, Durov has not been charged with any crime, and Telegram has stated that he
My Privacy BlogMy Privacy Blog

The arrest of Pavel Durov, the founder and CEO of Telegram, in France has triggered a wave of cyberattacks against French organizations. Within hours of the arrest, several notorious threat groups, including UserSec, CyberVolk, and the Cyber Army of Russia, announced their intentions to retaliate. These groups have already started targeting government websites and critical infrastructure, showing their allegiance to Durov and their opposition to his detention.

The Arrest of Pavel Durov

Pavel Durov, known for creating the encrypted messaging platform Telegram, has long been a controversial figure. Telegram’s strong encryption and privacy-focused ethos have made it a preferred communication tool for dissidents, activists, and, unfortunately, cybercriminals. Durov's arrest by French authorities, reportedly just minutes before his private jet was set to depart, has sparked outrage among various hacker collectives.

According to the alleged messages the following organizations were targeted:

  • European Court of Human Rights (ECHR)
  • Council of Europe
  • French Customs
  • Corsica Ferries – Operator of Ferry Lines
  • Court of Paris
  • Syane – Fiber optics for everyone in Upper Savoie.
  • Infomaniak Network SA

UserSec’s Call to Arms

UserSec, a notorious cyber threat actor group, was one of the first to respond to the news of Durov’s arrest. The group issued a call to action, urging others to join in their efforts to retaliate against the French government. Leveraging Durov’s own platform, UserSec declared their intention to carry out widespread Distributed Denial-of-Service (DDoS) attacks against French institutions.

Among the targets confirmed by UserSec were:

  • National Court of France (Cour de cassation)
  • Paris Tribunal (Tribunal de Paris)

UserSec also hinted at a broader campaign against French infrastructure, noting that their list of targets would continue to grow as they gain more support and resources. The group's use of Telegram as a communication tool underscores their loyalty to Durov and their commitment to exacting revenge for his arrest.

CyberVolk Joins the Fray

Another significant player in the retaliation campaign is CyberVolk, a group that quickly claimed responsibility for infiltrating French government systems. They specifically targeted the Réserve Civique website, which is a key component of France's civic engagement and volunteer services. CyberVolk’s announcement included the release of sensitive information obtained from their breach, showcasing their ability to access and manipulate French government databases.

CyberVolk’s message was clear: "In Shadows We Trust, In Silence We Strike." This ominous statement signals that the group plans to continue its operations in secret, potentially targeting other high-profile French entities in the near future.

The Cyber Army of Russia’s Role

In a coordinated effort, the Cyber Army of Russia, which has been linked to state-sponsored cyber activities, also announced its involvement in the retaliation. This group is believed to be behind the attacks on several key French websites, including:

  • European Court of Human Rights (ECHR)
  • Syane (A major fiber-optic network provider in Haute-Savoie)

The Cyber Army of Russia has a history of launching attacks in response to geopolitical events, and Durov’s arrest appears to have galvanized their efforts. The group's campaign, branded as #FreeDurov, has gained traction across various dark web forums, with many hackers pledging their support.

What’s Next for France?

The ongoing cyberattacks are likely to escalate as more groups join the campaign against France. The French government must brace for further disruptions, particularly to its digital infrastructure. The attacks not only threaten the availability of services but also raise concerns about the potential for sensitive information to be leaked or manipulated.

For now, the world watches as France grapples with this cyber onslaught. The arrest of Durov has become a flashpoint, igniting a coordinated and sustained attack on French interests. It serves as a stark reminder of the interconnected nature of global cybersecurity and the ripple effects that a single event can have across the digital landscape.

Rumble CEO Chris Pavlovski Responds to France's Actions Against Telegram's Pavel Durov

Source data:

The article on Daily Dark Web highlights that after Pavel Durov's arrest, several threat actors launched cyberattacks on French organizations. The targeted entities include the European Court of Human Rights, the Council of Europe, French Customs, and Corsica Ferries. Additionally, CyberVolk claimed to have infiltrated the La Réserve Civique, selling logs obtained from the breach. These attacks are framed as a direct retaliation against France for detaining the Telegram founder.

For more details, you can read the full article here.

Read more

The SharePoint Hack That Changed Global Cybersecurity: Inside Microsoft's MAPP Crisis

The SharePoint Hack That Changed Global Cybersecurity: Inside Microsoft's MAPP Crisis

A comprehensive investigation into the 2025 breach that compromised 400+ organizations and forced Microsoft to restructure its vulnerability sharing program Introduction In July 2025, the cybersecurity world witnessed a watershed moment when Chinese state-sponsored attackers exploited critical, unpatched vulnerabilities in Microsoft SharePoint. The breach, which followed shortly after Microsoft shared

By Breached Company
4chan and Kiwi Farms Challenge UK's Online Safety Act in Federal Court: A Test of International Internet Regulation

4chan and Kiwi Farms Challenge UK's Online Safety Act in Federal Court: A Test of International Internet Regulation

Two controversial US-based platforms take legal action against UK regulator Ofcom, claiming constitutional violations and extraterritorial overreach In a significant legal challenge to international internet regulation, 4chan and Kiwi Farms have filed a lawsuit in US federal court against the United Kingdom's Office of Communications (Ofcom) over enforcement

By Breached Company
Warlock Ransomware: The Critical Infrastructure Threat Redefining Global Cybersecurity in 2025

Warlock Ransomware: The Critical Infrastructure Threat Redefining Global Cybersecurity in 2025

A comprehensive analysis of the ransomware-as-a-service operation that has compromised over 400 organizations worldwide through sophisticated SharePoint exploitation Executive Summary The emergence of Warlock ransomware in mid-2025 has fundamentally reshaped the global cybersecurity landscape, representing a new paradigm in the sophistication and scale of ransomware operations. Operating as a ransomware-as-a-service

By Breached Company
DOGE SSA Data Security Breach: A Case Study in Government Contractor Access and Insider Threats

DOGE SSA Data Security Breach: A Case Study in Government Contractor Access and Insider Threats

Executive Summary A whistleblower complaint filed by Charles Borges, Chief Data Officer at the Social Security Administration (SSA), alleges that Department of Government Efficiency (DOGE) personnel created unauthorized copies of the NUMIDENT database—containing personal information for over 300 million Americans—in cloud environments lacking independent security controls and oversight

By Breached Company