Decoding the world of cybersecurity

ANSSI puts G7 Evian summit on cyber alert

France’s cyber agency is supporting G7 summit preparations as major diplomatic events remain exposed to espionage, destabilisation, extortion, and denial-of-service activity.

ANSSI puts G7 Evian summit on cyber alert
Summary
  • ANSSI is supporting the cybersecurity of the French G7 summit in Evian, scheduled for 15–17 June 2026.
  • The agency warns that major diplomatic events can attract espionage, destabilisation, extortion, and DDoS activity.
  • The operational focus covers the wider summit ecosystem, including organisers, suppliers, public bodies, communications teams, and supporting services.

ANSSI is supporting cyber defence preparations for the G7 leaders’ summit in Evian, placing the French-hosted diplomatic event inside a familiar risk pattern of espionage, destabilisation, extortion, denial of service, and crisis communications pressure around major geopolitical gatherings.

The French cybersecurity agency said the summit ecosystem is exposed to potential cyberattacks in a period of high global geopolitical tension. The meeting of heads of state and government is scheduled to take place in Evian from 15 to 17 June 2026, under France’s G7 presidency.

ANSSI’s guidance does not disclose a specific active campaign against the summit. It sets out a risk posture for participants, organisers, public bodies, suppliers, communications teams, and supporting organisations whose systems may become targets because of their proximity to the event.

Major international political events regularly draw attackers seeking intelligence, leverage, visibility, or disruption. ANSSI points to espionage attempts using geopolitical themes linked to the meetings themselves, while the media exposure around G7 summits can also create openings for destabilisation or extortion. That makes the attack surface wider than the summit venue or government networks alone.

Diplomatic events create temporary digital ecosystems. Delegations, hotels, transport providers, communications teams, local authorities, law enforcement, contractors, media operations, and event management systems can all become part of the operational dependency chain. Attackers do not need to compromise the highest-value diplomatic target to create disruption. A compromised mailbox, defaced website, stolen dataset, or overwhelmed public information service can create operational friction and public uncertainty during a compressed event window.

ANSSI said it has worked closely with the organisations involved in the Evian summit, including the secretariat general of the French G7 presidency, the interior ministry, and the ministry for Europe and foreign affairs. The agency is also directing stakeholders to incident response sheets from InterCERT France covering compromised email accounts, website defacement, and data theft, alongside its guidance on distributed denial-of-service attacks and cyber crisis management.

The guidance has a practical edge because large political events are short, public, and difficult to pause. Systems that would normally be patched, reconfigured, or taken offline in a controlled maintenance window may have to stay available throughout the event. Public websites and online services can become symbolic targets. Staff under pressure are more vulnerable to social engineering. Media and operational teams may rely on personal devices, shared files, messaging apps, and rapid approval chains that weaken normal controls.

The G7 setting also carries a European cyber policy dimension. France took over the G7 cybersecurity working group presidency on 1 January 2026, and recent G7 cyber work has covered software bills of materials, artificial intelligence, post-quantum migration, small and medium-sized businesses, and telecoms security. The Evian summit therefore combines policy visibility with operational exposure.

Risk around the summit is not confined to state-backed espionage. Hacktivists, financially motivated extortion groups, influence operators, and opportunistic criminals can exploit the attention surrounding the meeting. DDoS attacks remain technically blunt but politically useful when visibility or disruption is the objective. Email compromise and fraudulent infrastructure can support credential theft and information operations. Public-facing suppliers may have weaker controls than the government bodies they support.

Organisations connected to the summit need hardened email, multi-factor authentication, monitored privileged access, clear escalation routes, tested DDoS arrangements, offline contact trees, rehearsed communications, and rapid evidence preservation. The operating environment raises the stakes. During a summit, a minor cyber incident can become a public-order, diplomatic, or reputational issue within minutes.

Cyber readiness for public events now sits alongside event safety, continuity, information integrity, and government credibility. ANSSI’s pre-summit intervention gives organisers and connected organisations a narrow window to reduce avoidable exposure before the geopolitical spotlight moves to Evian.

×