{"id":3838,"date":"2025-11-25T16:24:56","date_gmt":"2025-11-25T16:24:56","guid":{"rendered":"https:\/\/phishia.fr\/?p=3838"},"modified":"2025-11-27T08:52:38","modified_gmt":"2025-11-27T08:52:38","slug":"cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house","status":"publish","type":"post","link":"https:\/\/phishia.fr\/en\/blog\/monitoring\/cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house\/","title":{"rendered":"CTI and local authorities: when a single domain name exposes the whole house"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"3838\" class=\"elementor elementor-3838\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6a24cd1 e-flex e-con-boxed e-con e-parent\" data-id=\"6a24cd1\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cfdee17 elementor-widget elementor-widget-text-editor\" data-id=\"cfdee17\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In a local authority, everyone works with\u00a0<strong>the same domain name<\/strong>\u00a0:<br \/>@ville-X.fr, @departement-Y.fr, @metropole-Z.fr...<\/p>\n<p>Employees, departments, schools, municipal police, CCAS, culture, sport, elected representatives, external service providers...<br \/>Result:\u00a0<strong>hundreds, sometimes thousands of accounts<\/strong>\u00a0based on the same servers, the same portals, the same systems.<\/p>\n<p>For a striker, it's a golden opportunity:<\/p>\n<ul>\n<li>a single area to target,<\/li>\n<li>tons of identifiers to recover,<\/li>\n<li>and very often\u00a0<strong>many leaks already on the dark web<\/strong>.<\/li>\n<\/ul>\n<div>\u00a0<\/div>\n<p>Cyber Threat Intelligence (CTI) is here to do just that.\u00a0<strong>put some light in there<\/strong>\u00a0and do some real \u201chousekeeping\u201d on the show side.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-baa2610 e-flex e-con-boxed e-con e-parent\" data-id=\"baa2610\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b690626 elementor-widget elementor-widget-heading\" data-id=\"b690626\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">1. Why do communities leak so much onto the dark web?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-62d57a9 e-flex e-con-boxed e-con e-parent\" data-id=\"62d57a9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5d67534 elementor-widget elementor-widget-text-editor\" data-id=\"5d67534\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"0\" data-end=\"442\">In spite of themselves, local authorities <strong data-start=\"40\" data-end=\"80\">ideal profile for cybercriminals<\/strong>.<br data-start=\"81\" data-end=\"84\" \/>They have many agents (and therefore many accounts), passwords that are often reused between internal tools and external services, accounts that remain active even though people have changed jobs or left the local authority, not to mention the many <strong data-start=\"359\" data-end=\"400\" data-is-only-node=\"\">trade portals displayed on the Internet<\/strong> (citizens, agents, schools, social, etc.).<\/p>\n<p data-start=\"444\" data-end=\"526\">Over time, all this leaves its mark on the dark web. There you can see :<\/p>\n<ul data-start=\"528\" data-end=\"769\">\n<li data-start=\"528\" data-end=\"612\">\n<p data-start=\"530\" data-end=\"612\">lists of local authority e-mail addresses and their associated passwords,<\/p>\n<\/li>\n<li data-start=\"613\" data-end=\"679\">\n<p data-start=\"615\" data-end=\"679\">identifiers for internal or partner portals,<\/p>\n<\/li>\n<li data-start=\"680\" data-end=\"769\">\n<p data-start=\"682\" data-end=\"769\">sometimes even <strong data-start=\"699\" data-end=\"719\">technical access<\/strong> (VPN, RDP, administration consoles, etc.).<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"771\" data-end=\"1024\" data-is-last-node=\"\" data-is-only-node=\"\">What's most worrying is that this situation remains <strong data-start=\"823\" data-end=\"868\">totally invisible to the public<\/strong> The system continues to run, agents work as normal... even though compromised accesses are circulating and can be exploited at any time.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-641f365 e-flex e-con-boxed e-con e-parent\" data-id=\"641f365\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f07620b elementor-widget elementor-widget-heading\" data-id=\"f07620b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">2. Why these leaks are so dangerous for a community<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ae1965e e-flex e-con-boxed e-con e-parent\" data-id=\"ae1965e\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4c98c69 elementor-widget elementor-widget-text-editor\" data-id=\"4c98c69\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>These escaped identifiers allow :<\/p>\n<ul>\n<li>to enter\u00a0<strong>citizen portals<\/strong>\u00a0(online procedures, school enrolment, extracurricular services...),<\/li>\n<li>access internal administration interfaces,<\/li>\n<li>reach more sensitive departments (municipal police, social services, town planning, etc.),<\/li>\n<li>and\u00a0<strong>bounce back<\/strong>\u00a0from one department to another, or even from the web to the internal IS.<\/li>\n<\/ul>\n<div>\u00a0<\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e3b9b99 e-flex e-con-boxed e-con e-parent\" data-id=\"e3b9b99\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5454eb8 elementor-widget elementor-widget-text-editor\" data-id=\"5454eb8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Not all leaks are created equal, but some are clearly <strong>explosive<\/strong>. This is the case, for example, for agent accounts giving access to social, school or administrative data, accounts linked to sensitive services (municipal police, finance, town planning, etc.) or even for <strong>technical access<\/strong> which can bounce to other internal servers.<\/p>\n<p>The same email\/password pair can be used to log on to a citizen portal, a business extranet, and then, through a chain of accesses, to obtain higher rights in the information system. For an attacker, this is a <strong>ideal entry point<\/strong> to prepare a ransomware attack, conduct targeted fraud, siphon off sensitive data or simply resell this access to other criminal groups.<\/p>\n<p>At Phishia, we have developed a <strong>criticality indicator<\/strong> which enables each leak to be classified and prioritized, so that efforts can be concentrated where the risk is really greatest.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c5e964d e-flex e-con-boxed e-con e-parent\" data-id=\"c5e964d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c6bc1df elementor-widget elementor-widget-heading\" data-id=\"c6bc1df\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">3. What CTI brings to local authorities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b081433 e-flex e-con-boxed e-con e-parent\" data-id=\"b081433\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5476f1f elementor-widget elementor-widget-text-editor\" data-id=\"5476f1f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p data-start=\"0\" data-end=\"167\">CTI, applied to local authorities, consists of monitoring, analysing and processing everything that circulates about them. <strong data-start=\"127\" data-end=\"166\">outside their own systems<\/strong>.<\/p>\n<ul data-start=\"169\" data-end=\"1208\">\n<li data-start=\"169\" data-end=\"528\">\n<p data-start=\"171\" data-end=\"528\"><strong data-start=\"171\" data-end=\"220\">At last, a clear view of the exhibition<\/strong><br data-start=\"220\" data-end=\"223\" \/>Instead of a worrying blur of \u00abthere must be leaks somewhere...\u00bb, CTI lets you know <strong data-start=\"335\" data-end=\"406\" data-is-only-node=\"\">how many identifiers linked to the community's domain are in circulation<\/strong>, What types of accounts are concerned, what services or portals are mentioned and what accesses seem to be still active.<\/p>\n<\/li>\n<li data-start=\"530\" data-end=\"864\">\n<p data-start=\"532\" data-end=\"864\"><strong data-start=\"532\" data-end=\"570\">Distinguishing noise from real risk<\/strong><br data-start=\"570\" data-end=\"573\" \/>Good ITC doesn't just list leaks: it qualifies what is out-of-date or already invalid (low priority), what is still exploitable (high priority) and what can potentially open up access to sensitive data or enable an internal rebound (critical priority).<\/p>\n<\/li>\n<li data-start=\"866\" data-end=\"1208\">\n<p data-start=\"868\" data-end=\"1208\"><strong data-start=\"868\" data-end=\"913\">Transforming information into safety actions<\/strong><br data-start=\"913\" data-end=\"916\" \/>Based on this information, the local authority can reset or deactivate exposed accounts, reinforce the security of the portals concerned (strong authentication, filtering, restrictions), adjust its detection rules (SIEM, EDR, firewall) and raise awareness among the most exposed agents.<\/p>\n<\/li>\n<\/ul>\n<p data-start=\"1210\" data-end=\"1281\" data-is-last-node=\"\" data-is-only-node=\"\">With this approach, we go from <strong data-start=\"1243\" data-end=\"1259\">\u00abwe suffer\u00bb<\/strong> at <strong data-start=\"1263\" data-end=\"1280\">\u00abon pilot\u00bb<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-fafe47b e-flex e-con-boxed e-con e-parent\" data-id=\"fafe47b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0f11270 elementor-widget elementor-widget-heading\" data-id=\"0f11270\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">4. CTI flash audit: cleaning up the dark web<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-642514a e-flex e-con-boxed e-con e-parent\" data-id=\"642514a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3597a8d elementor-widget elementor-widget-text-editor\" data-id=\"3597a8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>For communities that have never really looked at what's circulating about them, <strong>a CTI flash audit<\/strong> is an excellent entry point.<br>The idea is simple: by <strong>a few weeks<\/strong>, Get a clear picture of the situation, deal with the emergency and lay the foundations for what's to come.<\/p>\n<p>A CTI flash audit allows you to <strong>define the monitoring perimeter<\/strong> : local authority domain names, critical portals and services, sensitive profiles (elected representatives, departments, key functions).<br>It will then <strong>identify existing leaks<\/strong> These include: circulating logins (e-mail + password), mentions of local authority services or applications, and access or data offered for sale.<\/p>\n<p>Thirdly, the audit <strong>tests and qualifies leaks<\/strong> These include checking what is still valid within a controlled framework, measuring the potential impact (accessible data, rebound possibilities), and classifying cases by level of criticality.<br>On this basis, it <strong>proposes a concrete remediation plan<\/strong> These include accounts to be reset or blocked, hardening of exposed portals, and measures to limit the recurrence of new leaks (awareness-raising, password policies, MFA, etc.).<\/p>\n<p>Finally, the audit concludes with a <strong>usable report<\/strong>, We provide a summary of the current situation for decision-makers, precise technical information for the IT department and a clear prioritization of actions.<\/p>\n<p>Clearly, after a flash audit, the community knows <strong>what goes around<\/strong>, <strong>what's dangerous<\/strong>, and <strong>what has been neutralized or needs to be neutralized quickly<\/strong>.<\/p><p><br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f848005 e-flex e-con-boxed e-con e-parent\" data-id=\"f848005\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-eb87389 elementor-align-center elementor-tablet-align-center elementor-widget elementor-widget-button\" data-id=\"eb87389\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"\/en\/contact\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Need a quote for your Flash audit? Please contact us!<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ba87507 e-flex e-con-boxed e-con e-parent\" data-id=\"ba87507\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-76e96a0 elementor-widget elementor-widget-heading\" data-id=\"76e96a0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">5. Phishia's role in this process<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-76884a3 elementor-widget elementor-widget-image\" data-id=\"76884a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"310\" src=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-1024x397.png\" class=\"attachment-large size-large wp-image-3989\" alt=\"\" srcset=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-1024x397.png 1024w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-300x116.png 300w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-768x298.png 768w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-1536x596.png 1536w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services-18x7.png 18w, https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/TEMPLATE-Presentation-de-nos-services.png 1916w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>In a local authority, everyone works with the same domain name :@ville-X.fr, @departement-Y.fr, @metropole-Z.fr... Agents, departments, schools, municipal police, CCAS, culture, sport, elected representatives, sometimes external service providers... The result: hundreds, sometimes thousands of accounts running on the same servers, the same portals, the same systems. For an attacker, this is a golden opportunity: a single domain [...]<\/p>","protected":false},"author":3,"featured_media":3901,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[24],"tags":[29],"class_list":["post-3838","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-surveillance","tag-public"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison - Phishia<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/phishia.fr\/en\/blog\/monitoring\/cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison - Phishia\" \/>\n<meta property=\"og:description\" content=\"Dans une collectivit\u00e9 territoriale, tout le monde travaille avec\u00a0le m\u00eame nom de domaine\u00a0:@ville-X.fr,\u00a0@departement-Y.fr,\u00a0@metropole-Z.fr\u2026 Agents, directions, \u00e9coles, police municipale, CCAS, culture, sport, \u00e9lus, prestataires externes parfois\u2026R\u00e9sultat :\u00a0des centaines, parfois des milliers de comptes\u00a0qui reposent sur les m\u00eames serveurs, les m\u00eames portails, les m\u00eames syst\u00e8mes. Pour un attaquant, c\u2019est une opportunit\u00e9 en or : un seul domaine [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/phishia.fr\/en\/blog\/monitoring\/cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house\/\" \/>\n<meta property=\"og:site_name\" content=\"Phishia\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T16:24:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-27T08:52:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"462\" \/>\n\t<meta property=\"og:image:height\" content=\"264\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/\"},\"author\":{\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\"},\"headline\":\"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison\",\"datePublished\":\"2025-11-25T16:24:56+00:00\",\"dateModified\":\"2025-11-27T08:52:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/\"},\"wordCount\":1056,\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp\",\"keywords\":[\"Public\"],\"articleSection\":[\"Surveillance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/\",\"name\":\"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison - Phishia\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp\",\"datePublished\":\"2025-11-25T16:24:56+00:00\",\"dateModified\":\"2025-11-27T08:52:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#primaryimage\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp\",\"width\":462,\"height\":264},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/surveillance\\\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/phishia.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Surveillance\",\"item\":\"https:\\\/\\\/phishia.fr\\\/blog\\\/category\\\/surveillance\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#website\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"name\":\"Phishia\",\"description\":\"Cabinet de Conseil IT, Cybers\u00e9curit\u00e9, Durabilit\u00e9\",\"publisher\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/phishia.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#organization\",\"name\":\"Phishia\",\"url\":\"https:\\\/\\\/phishia.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"contentUrl\":\"https:\\\/\\\/phishia.fr\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/Logotype.png\",\"width\":512,\"height\":128,\"caption\":\"Phishia\"},\"image\":{\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/phishia\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/phishia.fr\\\/#\\\/schema\\\/person\\\/ab1f38ad06f750da69863e8f06e86528\",\"name\":\"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CTI and local authorities: when a single domain name exposes the whole house - Phishia","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/phishia.fr\/en\/blog\/monitoring\/cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house\/","og_locale":"en_US","og_type":"article","og_title":"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison - Phishia","og_description":"Dans une collectivit\u00e9 territoriale, tout le monde travaille avec\u00a0le m\u00eame nom de domaine\u00a0:@ville-X.fr,\u00a0@departement-Y.fr,\u00a0@metropole-Z.fr\u2026 Agents, directions, \u00e9coles, police municipale, CCAS, culture, sport, \u00e9lus, prestataires externes parfois\u2026R\u00e9sultat :\u00a0des centaines, parfois des milliers de comptes\u00a0qui reposent sur les m\u00eames serveurs, les m\u00eames portails, les m\u00eames syst\u00e8mes. Pour un attaquant, c\u2019est une opportunit\u00e9 en or : un seul domaine [&hellip;]","og_url":"https:\/\/phishia.fr\/en\/blog\/monitoring\/cti-and-local-authorities-when-a-single-domain-name-exposes-the-whole-house\/","og_site_name":"Phishia","article_published_time":"2025-11-25T16:24:56+00:00","article_modified_time":"2025-11-27T08:52:38+00:00","og_image":[{"width":462,"height":264,"url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp","type":"image\/webp"}],"author":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#article","isPartOf":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/"},"author":{"name":"Enzo Debosque, consultant junior en CyberS\u00e9curit\u00e9","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528"},"headline":"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison","datePublished":"2025-11-25T16:24:56+00:00","dateModified":"2025-11-27T08:52:38+00:00","mainEntityOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/"},"wordCount":1056,"publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp","keywords":["Public"],"articleSection":["Surveillance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/","url":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/","name":"CTI and local authorities: when a single domain name exposes the whole house - Phishia","isPartOf":{"@id":"https:\/\/phishia.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#primaryimage"},"image":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#primaryimage"},"thumbnailUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp","datePublished":"2025-11-25T16:24:56+00:00","dateModified":"2025-11-27T08:52:38+00:00","breadcrumb":{"@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#primaryimage","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/11\/int-vignette-blog-2023-juillet-organisatoin-collecitivite-banniere.webp","width":462,"height":264},{"@type":"BreadcrumbList","@id":"https:\/\/phishia.fr\/blog\/surveillance\/cti-et-collectivites-territoriales-quand-un-seul-nom-de-domaine-expose-toute-la-maison\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/phishia.fr\/"},{"@type":"ListItem","position":2,"name":"Surveillance","item":"https:\/\/phishia.fr\/blog\/category\/surveillance\/"},{"@type":"ListItem","position":3,"name":"CTI et collectivit\u00e9s territoriales : quand un seul nom de domaine expose toute la maison"}]},{"@type":"WebSite","@id":"https:\/\/phishia.fr\/#website","url":"https:\/\/phishia.fr\/","name":"Phishia","description":"IT Consulting, Cybersecurity, Sustainability","publisher":{"@id":"https:\/\/phishia.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/phishia.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/phishia.fr\/#organization","name":"Phishia","url":"https:\/\/phishia.fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/","url":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","contentUrl":"https:\/\/phishia.fr\/wp-content\/uploads\/2025\/01\/Logotype.png","width":512,"height":128,"caption":"Phishia"},"image":{"@id":"https:\/\/phishia.fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/phishia\/"]},{"@type":"Person","@id":"https:\/\/phishia.fr\/#\/schema\/person\/ab1f38ad06f750da69863e8f06e86528","name":"Enzo Debosque, Junior CyberSecurity Consultant"}]}},"_links":{"self":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/comments?post=3838"}],"version-history":[{"count":13,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3838\/revisions"}],"predecessor-version":[{"id":4097,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/posts\/3838\/revisions\/4097"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media\/3901"}],"wp:attachment":[{"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/media?parent=3838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/categories?post=3838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/phishia.fr\/en\/wp-json\/wp\/v2\/tags?post=3838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}