Hackers using spear-phishing techniques broke into the French Ministry of Economics, Finances, and Industry last year, compromising at least 150 machines and exfiltrating documents related to the G-20 organization, in an attack described as "determined and organized." The perpetrators of the attack are unknown, but investigators have discovered that information was sent to servers located in China.

The break-in was reported in Paris Match, and has since been confirmed by Minister of Budget François Baroin. He also clarified that personal tax records were not accessed in the hack.

In November last year, workers at the ministry were sent e-mails with attachments containing trojans. Running these trojans infected their machines, and the infection then spread throughout the ministry's network. The attack and the e-mails are described as deliberately targeted—not generic phishing attacks intended to compromise bank details or credit card numbers, but spear-phishing attacks, created to specifically compromise particular individuals within the French ministry. The French authorities insist that no classified material was released—such material is restricted to a separate intranet. The information taken concerned the G-20 economic group. The G-20 organization is this year chaired and hosted by France, explaining why Paris should be the target. China is also a member of the group.

The hack was discovered two months ago, and has been under investigation by ANSSI, the French Network and Information Security Agency, ever since. According to Patrick Pelloux, director general of ANSSI, some 20-30 investigators have been working "day and night" on the case. Though the investigators are unsure who performed the attack, there are hints at a possible Chinese involvement: information from the ministry was sent to a Chinese server. However, that could equally be a result of the real attackers attempting to cover their tracks.

Pelloux described the attack as "professional, determined and organized," not "three PCs in a garage." However, he said that this did little to aid the hunt for the perpetrators: hackers for hire can be found readily.

Similar attacks were made against the Canadian Finance Department and Treasury Board in January. As in the French case, spear-phishing was used to compromise machines in the first place, and similarly, data was offloaded to Chinese servers. It may be coincidence, but Canada was the nation hosting and chairing the G-20 group last year.

Spear-phishing techniques and targeted attacks pose a unique security problem. Though they constitute a minority of all attacks—indiscriminate mass phishing attacks are far more common—they're much harder to guard against. Typical anti-virus software is ineffective against such malware, because anti-virus vendors can only provide detection signatures for those pieces of malware that they have been able to process and analyze themselves. That's not a problem for mass attacks, but obtaining a sample to analyze is much harder if a trojan is sent to just a few people working at a particular company or organization. When combined with exploitation of unreported security flaws—such as were used in Stuxnet and the Aurora attacks against Google in 2009—targeted attacks can be extremely effective and hard to prevent.