French Presidential Candidate Targeted by Russia-Linked Hackers

A notorious cyber espionage group linked to the Russian government has targeted the political party of French presidential candidate Emmanuel Macron, according to a report published on Tuesday by Trend Micro.

The news comes shortly after Macron won the first round of France’s presidential election. Many believe he will become the country’s next president after he was endorsed by several top politicians, including former opponents in the presidential race.

Trend Micro’s report describes the activities of the threat actor known as Pawn Storm, APT28, Fancy Bear, Sofacy, Sednit and Strontium. Researchers have identified tens of military, government, defense, media, political, religious, educational and international organizations targeted by the group.

An analysis of the phishing domains used by the hackers suggests that one of the targets was Macron’s campaign. The attackers registered the domain onedrive-en-marche.fr, which is similar to en-marche.fr, the official website of Macron’s En Marche! party, likely in an effort to get users to hand over their credentials.
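For defenders, the pattern described above (a legitimate name embedded in a longer, separately registered domain) can be checked against DNS or proxy logs. The following is an added example, not code from Trend Micro or SecurityWeek; the watchlist, the function names and every sample hostname other than the two domains quoted in the article are assumptions.

```python
import re

# Watchlist is an assumption; en-marche.fr is the legitimate domain named above.
PROTECTED = ["en-marche.fr"]

def normalize(host):
    """Lower-case and drop whitespace and any trailing root dot."""
    return host.strip().rstrip(".").lower()

def classify(host, protected_domains=PROTECTED):
    """Return (protected_domain, reason) if host imitates one, else None."""
    host = normalize(host)
    # The protected domain and its own subdomains are never lookalikes.
    if any(host == p or host.endswith("." + p) for p in protected_domains):
        return None
    for p in protected_domains:
        brand = p.split(".")[0]                 # "en-marche"
        squashed = brand.replace("-", "")       # "enmarche"
        token = re.compile(r"(^|-)" + re.escape(brand) + r"(-|$)")
        for label in host.split("."):
            if token.search(label):
                return (p, "brand-token")       # whole hyphen-delimited token
            if squashed in label.replace("-", ""):
                return (p, "brand-substring")   # weaker: hyphens moved or dropped
    return None

def scan(hosts):
    """Map each flagged host to the reason it was flagged."""
    hits = {}
    for h in hosts:
        result = classify(h)
        if result:
            hits[normalize(h)] = result[1]
    return hits

# Constructed sample of hostnames as they might appear in DNS or proxy logs.
# Only en-marche.fr and onedrive-en-marche.fr come from the article.
SAMPLE_HOSTS = [
    "en-marche.fr",
    "mail.en-marche.fr",          # hypothetical legitimate subdomain
    "onedrive-en-marche.fr",      # phishing domain reported by Trend Micro
    "EnMarche-login.example.",    # constructed: hyphen dropped, keyword appended
    "en-marche.fr.example.net",   # constructed: real name used as a subdomain
    "example.org",                # constructed: unrelated
]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_HOSTS).items():
        print(f"{host}\t{reason}")
```

The `brand-substring` tier also matches unrelated names that happen to contain the squashed brand, so those hits need manual triage before blocking.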

Macron’s campaign has confirmed to The Wall Street Journal that staffers received phishing emails, but claimed the hacking attempts had failed. The National Cybersecurity Agency of France (ANSSI) also confirmed the attacks, but refused to comment on their origin, Reuters reported.

A representative of En Marche! has accused Russia of interfering with the elections in an effort to help pro-Moscow candidates, but Russia has denied any involvement in the hacker attacks.

According to Trend Micro, the En Marche phishing site was set up in mid-March. The security firm also discovered a phishing domain apparently set up to target the Konrad-Adenauer-Stiftung (KAS) political foundation in Germany. The KAS phishing site, named kassap.de, was created in early April.

Last year, Trend Micro also reported seeing a Pawn Storm attack aimed at Germany’s Christian Democratic Union, the political party of Chancellor Angela Merkel.

Pawn Storm’s political operations have made a lot of headlines, particularly after the group targeted organizations affiliated with the Democratic Party in the United States. The U.S. officially accused Russia of launching the cyberattacks, and authorities confirmed recently that an investigation is underway to determine if the attacks had an impact on this year’s presidential elections.

Trend Micro pointed out in its report that Pawn Storm has often relied on so-called false flag operations. Individuals and groups claiming to be hacktivists have taken credit for several of the attacks attributed to Pawn Storm.

For instance, an individual using the online moniker Guccifer 2.0 has taken credit for the Democratic Party attacks, and a group calling itself Fancy Bears claimed to have been behind the attack on the World Anti-Doping Agency (WADA). Several other “hacktivist” groups have been connected to Pawn Storm, including Cyber Caliphate, which claimed to be linked to ISIS when it attacked the U.S. Army and French TV station TV5Monde back in 2015.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
