The French news magazine L'Express has reported that in May computers in the offices of France's then-president Nicolas Sarkozy were attacked by Flame, the malware jointly developed by the US and Israel to collect information on the Iranian nuclear program, and that staff at the Elysee Palace covered up the attack. "Hackers have not only managed to get to the heart of French political power," L'Express reported, "but they were able to search the computers of close advisers of Nicolas Sarkozy."

While Sarkozy was not directly targeted—it is reported by L'Express that he did not have a PC—the report claims that "secret notes were recovered from hard drives, and also strategic plans." The victims of the attack were allegedly targeted through Facebook and then "spearphished" by the attackers, who sent a link to a website that replicated the Elysee's intranet site—a site that captured their usernames and passwords, and infected their computers with malware. Sources told L'Express that the malware's signature matched that of the Flame "worm."

Once inside the intranet, the worm was able to work its way across the network, eventually infecting the computers of a number of Sarkozy's closest advisers including his Secretary-General Xavier Musca. The attack was ultimately detected by the French government's computer security agency, the Agence nationale de la sécurité des systèmes d'information (Anssi); the Elysee's network was down for several days as an Anssi team cleared the worm from infected systems.

So far, the French government has not commented on the allegations, and the US embassy in Paris has issued a strong denial of US involvement. The French government had previously confirmed that the Palace was the target of two large-scale cyber-attacks in May, but had not disclosed details of them.