Russian hacking group Fancy Bear targeted Macron through phishing attacks
French presidential candidate Emmanuel Macron was targeted by the infamous Russian hacking group Fancy Bear responsible for the DNC hacks and the Podesta leaks, according to cybersecurity experts.
Macron had previously accused Russian hackers of trying to sabotage his campaign, but did not provide any evidence. Cybersecurity firm Trend Micro now reportedly has evidence that for the last two months, the group targeted the 39-year-old French presidential front-runner’s campaign through phishing attacks.
The Macron campaign’s digital director Mounir Mahjoubi confirmed that breach attempts were indeed made against the campaign, and that measures were put in place to block emails leading to the fake domains.
“We can’t be 100% sure,” he told the Wall Street Journal, “but as soon as we saw the intrusion attempts, we took measures to block access.”
Feike Hacquebord, a researcher at Trend Micro and a specialist in tracking Fancy Bear, told Motherboard that there is no way to know if the campaign was successful and whether any information was accessed by the hackers.
Frederick Douzet, a professor of Geopolitics at Université Paris 8, said, however, that both Facebook and France’s Network and Information Security Agency (ANSSI) have, in the past, acknowledged that Fancy Bear had breached computer systems as well as the Facebook accounts of a few politicians in France.
Trend Micro’s finding shows that the hacking group created at least four different domains with addresses quite similar to the official name of Macron’s party, En Marche, and of his official website, en-marche.fr.
The group had used similar tactics to launch phishing campaigns against Hillary Clinton’s campaign chairman John Podesta and former US secretary of state Colin Powell, who ultimately gave away their passwords, opening up their inbox to the hackers.
The Russian group, which works under several aliases including APT28, Pawn Storm and Sofacy Group, has a successful track record of using phishing to go after eminent targets. The group uses email domains that trick the victim into thinking the phishing email is legitimate.
In this case, one of the fake domains the hackers used was onedrive-en-marche[.]fr. Since the Macron campaign used Microsoft Outlook for its email communications, a domain name resembling another Microsoft cloud product, OneDrive, would make the fake domain seem authentic to most users.
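A defender-side check for the lookalike-domain pattern described above, as an added example that is not from Trend Micro or the original article: it flags sender or link domains that embed the campaign's name outside the official en-marche.fr zone. The lure-word watchlist, the edit-distance threshold, and every sample domain other than the two named in the article are assumptions constructed for illustration.

```python
import re

OFFICIAL = "en-marche.fr"   # official site named in the article
BRAND = "enmarche"          # party name with separators removed
LURE_WORDS = ("onedrive", "outlook", "office", "mail", "login")  # assumed watchlist

# Constructed samples, except the first two, which appear in the article.
SAMPLES = ("en-marche.fr", "onedrive-en-marche[.]fr", "mail.en-marche.fr",
           "en-marche.fr.example.net", "en-rnarche.fr", "example.org")

def normalize(domain):
    """Lower-case, refang '[.]' and drop a trailing dot."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (verdict, reason) for a sender or link domain."""
    d = normalize(domain)
    if d == OFFICIAL or d.endswith("." + OFFICIAL):
        return ("official", "matches the official domain")
    labels = d.split(".")
    for label in labels:
        squashed = re.sub(r"[^a-z0-9]", "", label)
        if BRAND in squashed:
            lures = [w for w in LURE_WORDS if w in squashed]
            extra = " with lure word " + lures[0] if lures else ""
            return ("lookalike", "brand embedded" + extra)
    # Naive registrable label: second-to-last label (assumption: no
    # public-suffix list, so multi-part suffixes are not handled).
    core = re.sub(r"[^a-z0-9]", "", labels[-2]) if len(labels) >= 2 else ""
    if core and edit_distance(core, BRAND) <= 2:
        return ("lookalike", "near-miss spelling of the brand")
    return ("unrelated", "no brand resemblance")

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s))
```

The suffix test uses a leading dot, so a name that merely ends in the brand string after a hyphen is not mistaken for a subdomain of the official zone.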
There are fears that the French elections might be hacked and that Macron’s political ideology may be the main reason for attackers to target his campaign. While Macron is pro-European Union, his rival Marine Le Pen is more pro-Russian and has threatened to pull France out of the EU if she wins the elections.