The Atlanta Journal-Constitution
Russia-linked hackers targeted Macron, experts say
French presidential candidate’s staffers hit by phishing scam.
PARIS — Researchers with the Japanese anti-virus firm Trend Micro say the campaign of French presidential front-runner Emmanuel Macron has been targeted by Russia-linked hackers, adding more details to previous suggestions that the centrist politician was being singled out for electronic eavesdropping by the Kremlin.
The campaign’s digital chief, Mounir Mahjoubi, confirmed the attempted intrusions in a telephone interview late Monday but said they had all been thwarted.
“It’s serious, but nothing was compromised,” he said.
The French presidential race is not yet over. Macron faces far-right rival Marine Le Pen in France’s presidential runoff on May 7. Macron favors a strong European Union, while Le Pen wants to pull France out of the bloc, weakening it.
Trend Micro said it discovered the campaign by monitoring the creation of rogue, lookalike websites often used by hackers to trick victims into giving up their passwords. The Tokyobased firm recently detected four Macron-themed fake domains being set up on digital infrastructure used by a group it calls Pawn Storm, according to Trend Micro researcher Feike Hacquebord.
Mahjoubi confirmed that at least one of the sites had recently been used as part of an attempt to steal campaign staffers’ online credentials.
Unmasking which group is behind this or that spying campaign is one of the most challenging aspects of cybersecurity, but Hacquebord said he was confident Trend Micro had gotten it right.
“This is not a 100 percent confirmation, but it’s very, very likely,” Hacquebord said, adding the political nature of the targeting was “really in line with what they’ve been doing in the last two years.”
Trend Micro has stopped short of accusing any country of pulling Pawn Storm’s strings, but American spy agencies and a variety of threat intelligence firms say that Pawn Storm, an extraordinarily prolific group also known as Fancy Bear or APT28, of being an arm of Russia’s intelligence apparatus.
French officials have also tended to be more circumspect than their American counterparts, repeatedly declining to tie Pawn Storm to any specific actor.
Russian government officials have long denied claims of state-sanctioned hacking.
On Tuesday, Kremlin spokesman Dmitry Peskov dismissed the most recent coverage as “anonymous, unsubstantiated reports.”
Mahjoubi said the attempts to penetrate the Macron campaign date back to December.
In February, the campaign complained publicly of being targeted by Russia-linked electronic spying operations, although it offered no proof at the time.