French broadcaster TV5Monde almost destroyed by 'Russian hackers'

The global TV channel came close to total destruction in a 2015 cyber attack that French investigators now believe was the work of Russian hackers hiding behind the name of Cyber Caliphate, the broadcaster's director-general says.

By the Mediapart editorial team

A powerful cyber attack came close to destroying a French TV network, its director-general has told BBC News.

TV5Monde was taken off air in April 2015. A group calling itself the Cyber Caliphate, linked to so-called Islamic State, first claimed responsibility.

But an investigation now suggests the attack was in fact carried out by a group of Russian hackers.

The attack used highly targeted malicious software to destroy the TV network's systems.

Wednesday April 8th was a big day for Yves Bigot, the director-general of TV5Monde.

His network, which broadcasts around the world, had just launched its latest channel. French ministers had been in attendance at the Paris headquarters.

That evening Mr Bigot went for dinner to celebrate with a counterpart from Radio Canada.

Just as they were being served their appetisers at 20:40 local time, a flood of texts and calls informed him that all 12 channels had gone off air.

"It's the worst thing that can happen to you in television," Mr Bigot told me in his Paris office.

It quickly became clear that the network had been subject to a serious cyber-attack.

"We were a couple of hours from having the whole station gone for good."

It was a race against time - more systems were corrupted with every passing minute. Any substantial delay would have led satellite distribution channels to cancel their contracts, placing the entire company in jeopardy.

"We were saved from total destruction by the fact we had launched the channel that day and the technicians were there," said Mr Bigot.

"One of them was able to locate the very machine where the attack was taking place and he was able to cut out this machine from the internet and it stopped the attack."

At 05:25 local time, one channel was restored. Others followed later that morning.

"We owe a lot to the engineer who unplugged that particular machine. He is a hero here," Mr Bigot said.

The attack was far more sophisticated and targeted than reported at the time. The perpetrators had first penetrated the network on January 23rd.

They carried out reconnaissance of TV5Monde to understand the way in which it broadcast its signals. They then fabricated bespoke malicious software to corrupt and destroy the internet-connected hardware that controlled the TV station's operations - such as the encoder systems used to transmit programmes.

The attackers used seven different points of entry. Not all of them were part of TV5Monde or in France. In one case, a company based in the Netherlands was targeted because it supplied the remote-controlled cameras used in TV5's studios.

At 20:40 local time - when the first calls were made - the people in charge of digital content at the broadcaster told Mr Bigot that messages had been posted on the channel's Twitter and Facebook pages.

The hackers said they were from a group calling themselves the Cyber Caliphate, and made threats against France. It was only a few months since the Charlie Hebdo attacks and it seemed this could have been a follow-up strike by so-called Islamic State (IS).

But as the investigation by French authorities began, a different picture began to emerge.

France's cyber-agency told Mr Bigot to be careful about linking the incident directly to IS - instead he was advised to say only that the messages claimed to be from IS.

The investigators had come to believe that the attackers had used the jihadist posts to try to cover their tracks.

Mr Bigot was later told evidence had been found that his network had been attacked by a group of Russian hackers, who are known as APT 28.

"I have absolutely no idea," said Mr Bigot, when I asked why TV5Monde had been targeted.

He explained that the investigators had only been able to prove two things.

Read more of this report from BBC News.