Paris, France | AFP | French presidential candidate Emmanuel Macron’s political campaign was targeted by a group of Russian hackers last month, according to a report by a cybersecurity research group on Tuesday.
The Pawn Storm group, which has been linked to several high-profile attacks in the West, used “phishing” techniques to try to steal personal data from Macron and members of his En Marche! campaign, Japan-based Trend Micro said.
Pawn Storm, also known as APT28, is also believed to be behind the attacks last summer on the US Democratic National Committee, thought to be aimed at undermining Hillary Clinton’s presidential bid.
It is widely suspected of having links to Russia’s security services, and Moscow has been seen as a keen backer of Macron’s rival in the presidential race Marine Le Pen, who met President Vladimir Putin in a surprise visit to Moscow ahead of the vote.
Macron and Le Pen were the top two finishers in the first round of voting on Sunday, moving on to the second-round run-off on May 7.
“There is always some technical uncertainty when it comes to attribution,” Loic Guezo, a strategist for Southern Europe at Trend Micro, told AFP.
“But we have analysed the operating tactics with data compiled over two years, which allowed us to determine the source.”
The director of Macron’s digital campaign, Mounir Mahjoubi, welcomed the report after “constant attacks of all sorts, including phishing attacks, since December and January”.
“We weren’t able to attribute them to anyone, which is what this report does. It confirms the suspicions we have had since February,” Mahjoubi told AFP.
He added that the campaign had bolstered its digital defences in the wake of the attacks, including cutting connections to the computer servers hosting the campaign’s network in February after an attack coming from Ukraine.
“But we shouldn’t be naive. With cyberattacks, a group of hackers can also work for a bigger group or interests. It would take an investigation to find out for sure, and a presidential campaign is not the time for that,” Mahjoubi said.
– ‘Plenty of resources’ –
Other suspected Pawn Storm targets in recent months include media groups such as The New York Times and Al-Jazeera.
Several political officials and government agencies also see the group behind sophisticated attacks, including ones targeting German Chancellor Angela Merkel’s CDU party, government ministries in Denmark and the Czech Republic, and the Organisation for Security and Cooperation in Europe.
“To focus on such a range of targets over such a long time, you need plenty of human and financial resources,” Guezo said.
But on Monday, Russia denied any involvement in the French election.
“Which groups? Where do they come from? Why Russia?” Kremlin spokesman Dmitry Peskov said.
“It resembles the accusations made by Washington which to this day remain hollow, and they do no honour to the people making them.”
It is not the first time that Macron’s En Marche! has sustained a phishing attack, in which email users are tricked into clicking on a link that appears legitimate or from a legitimate sender, which then lets hackers burrow into their account or even a larger computer network.
An internal campaign report details thousands of attempted attacks or intrusions since Macron launched his campaign last year, which Richard Ferrand, the campaign’s secretary-general, said in February were “organised and coordinated by a structured group, and not individual hackers.”
Also in February, Macron’s spokesman Benjamin Griveaux accused the Kremlin of mounting a “smear campaign” via state media against the centrist former economy minister, a staunch defender of the European Union.
For Trend Micro, the targeting of Macron’s campaign is simply the latest in a long list of attempted hacking attacks by the Russian group.
“As we look at Pawn Storm’s operations over a two-year period, we can see how the group has become more adept at manipulating events and public opinion through the gathering and controlled release of information,” it said in its report.