date 2017-04-24
FRANKFURT, April 24 The campaign of Emmanuel
Macron, the favourite to win France's presidential election, has
been targeted by a cyber espionage group linked by some experts
to the Russian military intelligence agency GRU.
Feike Hacquebord, a researcher with security firm Trend
Micro, said he had found evidence that the spy group, dubbed
"Pawn Storm", targeted the Macron campaign with email phishing
tricks and attempts to install malware on the campaign site.
He said telltale digital fingerprints linked the Macron
attacks with those last year on the U.S. Democratic National
Committee (DNC) and the campaign of presidential candidate Hillary
Clinton, and that similar techniques were used to target German
Chancellor Angela Merkel's party in April and May of 2016.
"We have seen that phishing sites were set up and the
fingerprints were really the same actors as in the DNC breach,"
Hacquebord told Reuters.
Russia denied any involvement in the attacks on Macron's
campaign.
Security experts say Pawn Storm is known to let time pass
before leaking stolen documents and that any hacking of Macron's
campaign in recent months is unlikely to influence the run-up to
the May 7 second round. But, if documents have been stolen, they
could be used to undermine Macron's presidency should he win.
A spokesman for French government cyber security agency
ANSSI confirmed the attacks on the Macron campaign, but declined
to say whether the Russian-linked group was to blame.
"What we can establish is that it’s the classic operation
procedure of Pawn Storm," the spokesman said. "However, we will
not attribute the attack because we can very easily be
manipulated and the attacker could pass themselves off as
somebody else."
The Macron campaign was not immediately available to
comment.
In the run-off vote, Macron, a liberal internationalist who
has been critical of Russian foreign policy, will face far-right
leader Marine Le Pen who has taken loans from Russian banks and
advocated pro-Kremlin policies.
Hacquebord said the Pawn Storm group set up four fake email
phishing accounts to mount attacks against Macron's "En
Marche!", or "Onwards", using a fake server located at
onedrive-en-marche.fr and similar site names in March and April.
The attack was mounted using computers based in France,
Britain and other countries, he said.
"These kinds of attacks are quite dangerous," Hacquebord
said. "Credential phishing is probably a very good way to try
and compromise a political party."
"WHY RUSSIA?"
Pawn Storm, one of the world’s oldest cyber espionage
groups, has also been called APT 28, Fancy Bear, Sofacy and
Strontium by a range of security firms and government officials.
Security firm CrowdStrike has said the group may be
associated with the Russian military intelligence agency GRU.
Other U.S.-based firms Dell SecureWorks, FireEye and
ThreatConnect have also found ties to the Russian government.
Hacquebord's Tokyo-based Trend Micro has consistently said
conclusive proof of Russian involvement is hard given the
difficulty of attributing cyber attacks.
"What (hacking) groups? From where? Why Russia? This
slightly reminds me of accusations from Washington, which have
been left hanging in mid-air until now and do not do their
authors any credit," Kremlin spokesman Dmitry Peskov told
reporters on Monday.
Hacquebord, author of a dozen reports over the past two
years detailing the group’s methods, said the attacks he
uncovered appear to differ from ones described by Macron’s
campaign in February.
Richard Ferrand, secretary-general of En Marche!, made the
first direct accusation by a French political party that Russia
was trying to influence the outcome of the elections. (reut.rs/2pshZEF).
Ferrand told a Feb 13 news conference that the En Marche
campaign was being hit by "hundreds if not thousands" of attacks
on its networks, databases and sites from locations inside
Russia.
Pawn Storm has become widely known since 2014 for its
increasingly brazen attacks against Western leaders,
governments, militaries and industrial and media organisations.
Its origins date back a decade earlier to attacks on
opposition activists in Russia and governments in neighbouring
countries such as Ukraine.
(Additional reporting by Marine Pennetier in Paris and Peter
Maushagen in Frankfurt; editing by Richard Lough)