Trend Mirco tells it detected fake web domains for French presidential nominee on digital infrastructure used by group named Pawn Storm
The campaign of the French presidential frontrunner, Emmanuel Macron, has been targeted by hackers linked to Russia, according to researchers with a Japanese anti-virus firm.
The researchers added to previous suggestions that the centrist legislator was being singled out for electronic eavesdropping by the Kremlin.
On Monday, Mounir Mahjoubi, digital chief for the Macron campaign, confirmed there had been attempted intrusions but said they had all been frustrated. Its serious, but nothing was compromised, he said.
Macron faces his competitor, the far-right Marine Le Pen in Frances presidential runoff on 7 May. Macron favours a strong EU, while Le Pen wants to pull France out of the bloc.
The Tokyo-based firm, Trend Micro, said it had stimulated the discovery by monitoring the creation of rascal, lookalike websites, which were often used by hackers to trick victims into disclosing their online passwords.
The company recently saw four fake Macron-themed domains being set up on digital infrastructure used by a group it called Pawn Storm, according to Feike Hacquebord, a Trend Micro researcher.
Mahjoubi confirmed that at least one of the sites had recently been used as part of an attempt to steal campaign staffers online credentials.
Unmasking groups behind any snooping campaigns is one of the most challenging aspects of cybersecurity, but Hacquebord said he was confident that Trend Micro had succeeded. This is not a 100% verification, but its very, very, likely, he told, adding that the political nature of the targeting was really in line with what theyve been doing in the last two years.
Trend Micro did not accuse any country of pulling the strings of Pawn Storm, a cyber espionage group. But US spy agencies and a variety of threat intelligence firms said that Pawn Storm, an extraordinarily prolific group also known as Fancy Bear or APT 28, was an arm of Russias intelligence apparatus.
French officials have tended to be more circumspect than their American counterparts, repeatedly declining to tie Pawn Storm to any specific source.
Russian government officials have long denied claims of state-sanctioned hacking. On Tuesday, Vladimir Putins spokesman, Dmitry Peskov, rejected the most recent coverage as anonymous, unsubstantiated reports.
The Associated Press left several messages with the hacker or hackers who had registered the rascal Macron websites. No message was received in return.
Mahjoubi said the attempts to penetrate the Macron campaign dated to December 2016. In February this year, the campaign complained publicly of being targeted by Russia-linked electronic spying operations, although it offered no proof at the time.
Trend Micros report, which was produced independently of the Macron campaign and lists 160 electronic espionage operations across a series of targets, adds a measure of proof to the notion even if the fact that the rascal websites were registered in March and April did not line up with the campaigns timeline.
The French election has been closely watched for signs of digital interference of different kinds. Many commentators fear a repeat of the US electoral contest in 2016, when hackers allegedly backed by Moscow broke into the email inboxes of the Democratic National Committee and other political spies. Stolen documents subsequently appeared on WikiLeaks and other more mysterious websites, putting the Democrat on the defensive during their losing campaign against Donald Trump, who became US president.
Read more: www.theguardian.com