On March 2, CyberArmyofRussia_Reborn posted an unusual video. This Telegram channel, which has regularly claimed responsibility for data theft and computer breaches on behalf of Russia, stated that hackers had succeeded in remotely sabotaging the Courlon-sur-Yonne hydroelectric power plant in Burgundy.

Images of the dam that were taken by drone (and presumably had been stolen) were coupled with video excerpts of software controlling the opening of valves. The hackers filmed themselves manipulating the software to release water downstream. There was enough to suggest a high-powered operation and perpetrators who were in a position to damage key French hydroelectric infrastructure.

But the reality was less impressive. Le Monde has learned there was a cybersecurity breach of the monitoring software for a French hydroelectric installation in early March. But it wasn't the Courlon-sur-Yonne dam: Instead, the Russian team had hacked into a mill.

"The images speak for themselves: The video starts with an aerial photo of the Courlon dam, but when it shows the piloting part, you can see that this is the Courlandon power plant," said administrators for the Groupe Energies France company, which manages the Courlon site. The power plant in Courlandon, a village of 300 inhabitants in the Champagne region, is a small, privately owned facility housed in a former watermill on the Vesle, the river that runs through the community.

Nobody in the village had noticed that anything was amiss. And for good reason: Analysis of the images has shown that the attack essentially lowered the water level downstream by 20 centimeters. "From a distance, apart from cutting off and restarting electricity production, a pirate can't do much," said Romain Eudes, operator of the Courlandon power plant. "There are safeguards everywhere in these facilities, including physical safeguards, with a spillway that prevents flooding of the river."

Did the hackers make a mistake or deliberately inflate their exploits? If you search for "Courlandon dam" on Yandex, Russia's leading search engine, one of the first results is an amateur drone video of the Courlon-sur-Yonne power plant. These images are also to be found in the video claiming responsibility, posted online on March 2.

The hack might have remained purely fodder for gossip, but CyberArmyofRussia_Reborn is not just another Telegram channel. As a new report published on Wednesday, April 17, by Mandiant, the cutting-edge cybersecurity company owned by Google, demonstrates, this propaganda channel is directly controlled by Sandworm, one of the major elite units of Russian military intelligence (GRU). The researchers' analysis confirms previous expert reports, which had already attributed this Telegram channel to Sandworm, albeit with less certainty.

You have 56.46% of this article left to read. The rest is for subscribers only.