
In response to the growing wave of cyberattacks targeting digital education platforms, the French authorities have launched a nationwide campaign aimed at raising students’ awareness of phishing risks. Operation CACTUS, conducted in March 2025, marked a pivotal step toward cultivating digital literacy among the nation’s youth.
In recent months, schools have increasingly become targets of cyber intrusions directed at digital learning environments (ENT). These attacks have added significant pressure on students and even led to the temporary suspension of ENT systems in 2024. Adolescents aged 11 to 18 proved particularly vulnerable—armed with multiple devices and immersed in online activity, they often engage with digital platforms with misplaced confidence, unaware of the lurking threats.
Between March 19 and 21, approximately 2.5 million students received a message via ENT containing a link promising “hacked games and free cheats.” The aim was to simulate a realistic phishing scenario and assess how students would respond to a potential cyber threat. Roughly 210,000 students—around one in twelve—clicked the link, which redirected them to a video explaining the dangers of phishing.
The campaign’s core objective was to instill caution in students’ online behavior and to underscore the potential legal consequences of cyber offenses.
Following the primary phase, authorities plan to continue the educational outreach in schools. In-person sessions featuring invited cybersecurity experts are being organized to deepen students’ understanding of digital threats. Additionally, a comprehensive educational toolkit has been developed collaboratively by all stakeholders in the project. This resource includes pedagogical guidelines and practical tools to support teachers in fostering digital awareness among the youth.
This initiative comes as France prepares to enact sweeping legislation that could fundamentally reshape the nation’s approach to online security. Proposed measures include mandating telecom providers to install backdoors in encrypted messaging apps and restricting access to online content via VPNs. These proposals have drawn sharp criticism from the secure email provider Tuta (formerly Tutanota) and the VPN Trust Initiative (VTI).
France is not alone in tightening control over digital communications. In the United Kingdom, the government has recently demanded that Apple provide access to encrypted iCloud backups. In response, Apple disabled end-to-end encryption for British users. Meanwhile, Sweden is preparing a draft law requiring messaging services such as Signal and WhatsApp to implement technical backdoors, granting authorities access to encrypted communications.