Connect with us

Hi, what are you looking for?



Russian Hackers Target European Governments Ahead of Elections: FireEye

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

The targeting, the security firm says, is focused on NATO member states. The activity has increased significantly since mid-2018, and is ongoing. 

The attacks are being carried out by two groups that security companies refer to as APT28 (also known as Pawn Storm, Fancy Bear, Sofacy, Group 74, Sednit, Tsar Team and Strontium) and Sandworm Team (also tracked as TeleBots). 

When announcing the takedown of the “VPNFilter” botnet last year, the US Justice Department referred to the actor behind the botnet as both APT28 and Sandworm. The two, however, are seen as separate groups by security firms, although their activity is related. 

Both cyber-espionage groups, FireEye says in a report shared with SecurityWeek, are sponsored by the Russian state. 

The activity of APT28 and Sandworm Team appears aligned, although each uses different tools and methods. The former employs custom tools and has been observed deploying zero-day exploits, while the latter tends to use publicly available tools. 

In addition to European government organizations, the groups have also targeted media outlets in France and Germany, political opposition groups in Russia, and LGBT organizations with links to Russia, the security firm says. 

Usually, these hackers leverage spear-phishing as the initial method of compromise, to deliver either malicious documents or links to fake login sites, which attempt to steal passwords. The attackers also register domains similar to those that the intended victims are familiar with. 

Advertisement. Scroll to continue reading.

Targets within European governments have received emails that displayed a seemingly genuine sender and which contained links that appeared to direct to real government websites. The emails attempted to trick victims into revealing their credentials to the attackers.

“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” said Benjamin Read, Senior Manager of Cyber Espionage Analysis at FireEye. 

“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections creates a broad attack surface for hackers.”

FireEye says they notified targeted organizations after identifying attacks, whenever possible. 

Related: UK, Australia Blame Russia for Bad Rabbit, Other Attacks

Related: FBI Attribution of ‘VPNFilter’ Attack Raises Questions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights