DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Sabotage

Coordinated cuts to backbone fiber near Paris disrupt internet

27 April 2022 · Paris (and other cities), France
Satellite Imagery © Esri

What happened

During the night of 26-27 April 2022, multiple long-haul fibre-optic backbone cables were deliberately severed at several sites around Paris and elsewhere in France, slowing or knocking out internet and phone connectivity across multiple regions. Underground cables were cut at Meaux and Souppes-sur-Loing (Seine-et-Marne), Le Coudray-Montceaux (Essonne), and Fresnes-en-Woevre (Meuse), damaging long-distance routes linking Paris with Strasbourg, Lyon and Lille. Operators reported the cuts occurred in the early hours, with disruption peaking after roughly 3-4 a.m. local time.

Internet service provider Free reported "multiple malicious acts" against its infrastructure and said about 100,000 of its customers were affected; SFR reported several fibre cuts in the Paris region and around Lyon. Service problems were reported in cities including Paris, Lyon, Reims, Grenoble, Strasbourg and Lille. The near-simultaneous, geographically dispersed cuts, in some cases severing cables on both sides to complicate repairs, led operators and officials to treat the events as a coordinated act, described by the French Telecoms Federation as an attack of unprecedented scale. The Paris prosecutor's office opened an investigation into damaging property liable to harm the fundamental interests of the nation, obstruction of an automated data-processing system, and criminal conspiracy, with France's domestic intelligence service (DGSI) and judicial police involved.

Assessment

The incident is widely treated as deliberate, coordinated sabotage of critical telecoms infrastructure rather than accidental damage, given the timing, the cutting of multiple separated long-haul routes within a short window, and methods that hampered repairs. No individual or group claimed responsibility, no suspects were publicly identified, and authorities did not attribute it to any state or organisation; any attribution therefore remains unknown and speculative. The episode highlighted the vulnerability of concentrated backbone fibre routes to low-cost physical attacks affecting many users at once.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.