Russian hackers targeted Macron campaign: report
President Vladimir Putin in a surprise visit to Moscow ahead of the vote.
“There is always some technical uncertainty when it comes to attribution,” Loic Guezo, a strategist for Southern Europe at Trend Micro, said. “But we have analysed the operating tactics with data compiled over two years, which allowed us to determine the source.”
The report has heightened concerns Russia may turn its playbook on France in an effort to harm Macron’s candidacy and bolster that of Marine Le Pen in the final weeks of the French presidential campaign.
Trend Micro said that on March 15, they spotted a hacking group they believe to be a Russian intelligence unit turn its weapons on Macron’s campaign – sending emails to campaign officials and others with links to fake websites designed to bait them into turning over passwords.
The group began registering several decoy internet addresses last month and as recently as April 15, naming one onedriveen-marche.fr and another mailen-marche.fr to mimic the name of Macron’s political party.
Those websites were registered to a block of web addresses that Trend Micro’s researchers say belong to the Russian intelligence unit they refer to as Pawn Storm. US and European intelligence agencies and US private security researchers determined that the group was responsible for hacking the Democratic National Committee last year.
The Kremlin scoffed at the allegations of involvement in the French election. Dmitry Peskov, the spokesman for President Vladimir Putin, said on Monday in Moscow that “this all recalls the accusations that came from Washington and which are still suspended in thin air”. In remarks to Russian news media, he added that Russia had “never interfered in foreign elections”.
But the report’s findings gave some credence to the “strong suspicions” voiced weeks before Sunday’s voting by Macron’s digital director, Mounir Mahjoubi, that Moscow was the source of what he said had been a barrage of “highly sophisticated” efforts to gain access to the campaign’s email accounts.
Mahjoubi said in an interview Monday and earlier in April that he had no proof of a Russian role, but that the nature and timing of so-called phishing attacks and web assaults on the Macron campaign had stirred worries that Russia was repeating in France what US intelligence agencies say was a concerted effort to undermine Hillary Clinton’s campaign.
“The phishing pages we are talking about are very personalised web pages to look like the real address,” Mahjoubi added. Anyone could easily think he was logging in to his own email. “They were pixel perfect,” he said on Monday night. “It’s exactly the same page. That means there was talent behind it and time went into it: talent, money, experience, time and will.”
The goal was to obtain the email passwords of campaign members so a cyberattacker could lurk unseen inside an email account reading confidential correspondence. “If you are speed reading as you sign on, and everybody speed reads online, it’s something you might not notice,” Mahjoubi said. “For instance, it uses a hyphen instead of a dot, and if you are speed reading you don’t look at the URL.”
Unlike the attacks aimed at Clinton’s staff, those directed at the Macron camp, Mahjoubi said, failed to gain access to any email accounts used by the candidate or his lieutenants.
Russia, or at least its state-controlled media, clearly favoured Le Pen, who criticised European Union sanctions imposed on Russia after it annexed Crimea in 2014 and voiced support for Moscow’s intervention in Syria to prop up President Bashar al-Assad.