French Presidential Candidate Targeted by Russia-Linked Hackers

A notorious cyber espionage group linked to the Russian government has targeted the political party of French presidential candidate Emmanuel Macron, according to a report published on Tuesday by Trend Micro.

The news comes shortly after Macron won the first round of France’s presidential election. Many believe he will become the country’s next president after he was endorsed by several top politicians, including former opponents in the presidential race.

Trend Micro’s report describes the activities of the threat actor known as Pawn Storm, APT28, Fancy Bear, Sofacy, Sednit and Strontium. Researchers have identified tens of military, government, defense, media, political, religious, educational and international organizations targeted by the group.

An analysis of the phishing domains used by the hackers suggests that one of the targets was Macron’s campaign. The attackers registered the domain, which is similar to, the official website of Macron’s En Marche! party, likely in an effort to get users to hand over their credentials.

Macron’s campaign has confirmed to The Wall Street Journal that staffers received phishing emails, but claimed the hacking attempts had failed. The National Cybersecurity Agency of France (ANSSI) also confirmed the attacks, but refused to comment on their origin, Reuters reported.

A representative of En Marche! has accused Russia of interfering with the elections in an effort to help pro-Moscow candidates, but Russia has denied any involvement in the hacker attacks.

According to Trend Micro, the En Marche phishing site was set up in mid-March. The security firm also discovered a phishing domain apparently set up to target the Konrad-Adenauer-Stiftung (KAS) political foundation in Germany. The KAS phishing site, named, was created in early April.

Last year, Trend Micro also reported seeing a Pawn Storm attack aimed at Germany’s Christian Democratic Union, the political party of Chancellor Angela Merkel.

Pawn Storm’s political operations have made a lot of headlines, particularly after the group targeted organizations affiliated with the Democratic Party in the United States. The U.S. officially accused Russia of launching the cyberattacks, and authorities confirmed recently that an investigation is underway to determine if the attacks had an impact on this year’s presidential elections.

Trend Micro pointed out in its report that Pawn Storm has often relied on so-called false flag operations. Individuals and groups claiming to be hacktivists have taken credit for several of the attacks attributed to Pawn Storm.

For instance, an individual using the online moniker Guccifer 2.0 has taken credit for the Democratic Party attacks, and a group calling itself Fancy Bears claimed to have been behind the attack on the World Anti-Doping Agency (WADA). Several other “hacktivist” groups have been connected to Pawn Storm, including Cyber Caliphate, which claimed to be linked to ISIS when it attacked the U.S. Army and French TV station TV5Monde back in 2015.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
