The hackers behind a “massive and coordinated” attack on the campaign of France’s president-elect, Emmanuel Macron, have been linked by a number of cybersecurity research firms to the same Russian-affiliated group blamed for attacking the Democratic party shortly before the US election.
Tens of thousands of internal emails and other documents were released online overnight on Friday as the midnight deadline to halt campaigning in the French election passed.
New York’s Flashpoint Intelligence and Tokyo-based Trend Micro have shared intelligence that suggests that the hacking group known variously as Advanced Persistent Threat 28, Fancy Bear and Pawn Storm was responsible. The group has been linked with the GRU, the Russian military intelligence directorate.
Vitali Kremez, director of research at Flashpoint, said his review indicated APT28 was behind the leak. APT28 last month registered decoy internet addresses to mimic the name of Macron’s movement, En Marche!, which it probably used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.
“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said.
Trend Micro similarly identified links between the hacks, with the same organisation registering a phishing address used in the DNC hacks in April 2016 and the Macron address in March this year. That organisation had also registered domain names with the apparent purpose of stealing details from Germany’s CDU and KAS, and from Montenegrin members of parliament.
Macron, an independent centrist, won Sunday’s runoff election against the far-right Marine Le Pen by a 66% to 34% margin.
EU capitals expressed relief that France had proven not to be the next domino to fall after…