WorldViews Cyberattack on French presidential front-runner bears Russian ‘fingerprints,’ research group says By Rick Noack April 25 at 8:18 AM - Washingtonpost.com
French presidential election candidate for the En Marche movement Emmanuel Macron delivers a speech during a campaign rally in Reims on March 17. (François Nascimbeni/AFP via Getty Images) PARIS — A security firm claimed Tuesday that a new cyberattack against the campaign offices of the front-runner in France's presidential race carried similar digital “fingerprints” to the suspected Russian hacking of the Democratic National Committee and others.
The report, released by the Trend Micro research group, did not disclose what possible fallout the infiltration had on the campaign of Emmanuel Macron, a centrist who is in a two-person runoff with far-right rival Marine Le Pen in the May 7 election.
But if a Russian connection was proved, the hacking would add to mounting allegations of Moscow-backed attempts to influence Western elections in favor of candidates with policies potentially more favorable to the Kremlin. Le Pen has voiced opposition to the powers of the European Union and has called for better ties with Russia, echoing some of the campaign rhetoric of President Trump.
[Le Pen goes from fringe right-winger to major contender]
Tokyo-based Trend Micro said Macron's campaign was targeted in March and April by a cyberspy group called “Pawn Storm.” It is the same group that has allegedly used phishing and malware to infiltrate other political organizations, such as Angela Merkel's Christian Democratic Union party in Germany and the Democratic National Committee.
“There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks,” said Rik Ferguson, the vice president of the company’s security research program.
“We cannot say for sure whether this was directed by the Russian government but the group behind the attacks certainly appears to pursue Russian interests,” added Ferguson, speaking from the company's London offices.
According to the research firm, the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations including Britain.
The phishing attacks discovered by the Trend Micro research group appear to be distinct from hacking allegations the Macron campaign itself made in February.
At the time, the campaign's secretary general, Richard Ferrand, said its websites and networks were under constant attacks from hackers believed to be located in Russia and accused the Russian government of trying to influence the election.
The French government's cybersecurity agency ANSSI confirmed the more recently discovered cyberattacks against Macron, but stopped short of drawing connections to the earlier hacking. The agency left open the possibility that the recent attacks could be the work of “other high-level” hackers trying to point the blame at “Pawn Storm.”
The Macron campaign did not immediately respond to a request for comment. The Russian government has denied any connections to the hackings.
Macron Victim of Cyber Attack Similar to U.S. Democratic Party’s
Trend Micro attributes the attacks to hacker group Pawn Storm
Front-runner’s campaign says network hasn’t been compromised
French presidential front-runner Emmanuel Macron has been hit repeatedly in recent weeks by cyber attacks closely resembling those used to infiltrate Democratic Party organizations in the U.S. last year, according to a report by cyber-security consultant Trend Micro.
French Election: Latest Coverage
Trend Micro attributed the attacks to Pawn Storm, which it described as an "active cyber espionage actor group" that has carried out such hits in more than a dozen countries. The French government’s cyber-security agency ANSSI confirmed it has identified such attacks, saying it was “a classic modus operandi of Pawn Storm.” It, however, said the attacks could also be the work “other high-level” hackers trying to pin the operations on Pawn Storm.
Some cyber-security experts have linked Pawn Storm to Russian intelligence services, but Trend Micro has no proof of Russia’s involvement, said Loïc Guéza, a Paris-based cyber-security strategist for the company.
Macron, who faces a May 7 election runoff against the National Front’s Marine Le Pen, has complained previously that Russian state news agencies have tried to disrupt his campaign with fake news reports. Last month, Macron was hit by a fake-news hoax in which a bogus website resembling the site of Belgian newspaper Le Soir reported that Saudi Arabia was financing his campaign.
Between mid-March and mid-April, Pawn Storm hackers set up at least five fake websites resembling those of Macron’s campaign site, Guéza said.
Emails were sent from the sites to people connected to the campaign, with attachments that would plant spyware on their computers if opened. The technique, known as spearphishing, can cause major damage. That’s what happened last year when hackers released a trove of emails that cast the Democratic presidential candidate Hillary Clinton in an unfavorable light. The U.S. is now investigating possible Russian involvement in that case.
Polls suggest Macron would beat Le Pen in the runoff by at least 20 percentage points. The front-runner, who takes a tougher stance on Russia than Le Pen, has charged Kremlin-controlled media outlets with spreading baseless news about him. In March, Le Pen, who favors lifting sanctions against Russia, traveled to Moscow and was received by Russian President Vladimir Putin.
Macron aides said they don’t think the attacks on his campaign have succeeded.
Aurore Berge, a campaign adviser, said that campaign staff members "hardly use any email," banking instead on encrypted messaging services for most digital communication.
In an interview published Monday on French news website Silicon.fr , Mounir Mahjoubi, Macron’s director of digital operations, said hackers had "gathered all the names, public or semi-public, associated with the team of [Macron’s campaign] and targeted all of them."
Fake Logins
However, Mahjoubi told Silicon.fr that the campaign had taken measures to prevent spyware infection from such emails, and even counter-attacked the hackers, "by sending them massive numbers of fake logins and passwords." Calls by Bloomberg to Mahjoubi were not answered.
According to Trend Micro, other targets of Pawn Storm include German Chancellor Angela Merkel’s CDU party, which was attacked in May and June 2016, and the Konrad Adenauer Stiftung, a foundation associated with the CDU, hit earlier this month.
well, trend micro got real big back in the stuxnet days, and I had to wipe one of my machines after one of my employee's alerted me she was using trend micro to fix a bug problem...
that being said, trend micro was founded in tokyo back in the 80's and NSA openly admits to have been operating there with the Japanese before then, NSA has a brand new office in tokyo now,,,there was news about it this morning...
Coincidence? i don't know, just connecting dots, & a good hacker will always fake another hackers signature.
all i know personally is all my parts/service catalogues spanning 30 years for my MVPA vehicles are in protected computer files, i never download anything on my personal machines, i learned the hard way from stuxnet days.
i use 2 throw away machines for sale postings/updates & state crap. and my own personal security recipe is holding up very well considering other staff personal machines crash continuously.
GUZMAN1: Macron Victim of Cyber Attack Similar to U.S. Democratic Party’s
Trend Micro attributes the attacks to hacker group Pawn Storm
Front-runner’s campaign says network hasn’t been compromised
French presidential front-runner Emmanuel Macron has been hit repeatedly in recent weeks by cyber attacks closely resembling those used to infiltrate Democratic Party organizations in the U.S. last year, according to a report by cyber-security consultant Trend Micro.
French Election: Latest Coverage
Trend Micro attributed the attacks to Pawn Storm, which it described as an "active cyber espionage actor group" that has carried out such hits in more than a dozen countries. The French government’s cyber-security agency ANSSI confirmed it has identified such attacks, saying it was “a classic modus operandi of Pawn Storm.” It, however, said the attacks could also be the work other high-level hackers trying to pin the operations on Pawn Storm.
Some cyber-security experts have linked Pawn Storm to Russian intelligence services, but Trend Micro has no proof of Russia’s involvement, said Loïc Guéza, a Paris-based cyber-security strategist for the company.
Macron, who faces a May 7 election runoff against the National Front’s Marine Le Pen, has complained previously that Russian state news agencies have tried to disrupt his campaign with fake news reports. Last month, Macron was hit by a fake-news hoax in which a bogus website resembling the site of Belgian newspaper Le Soir reported that Saudi Arabia was financing his campaign.
Between mid-March and mid-April, Pawn Storm hackers set up at least five fake websites resembling those of Macron’s campaign site, Guéza said.
Emails were sent from the sites to people connected to the campaign, with attachments that would plant spyware on their computers if opened. The technique, known as spearphishing, can cause major damage. That’s what happened last year when hackers released a trove of emails that cast the Democratic presidential candidate Hillary Clinton in an unfavorable light. The U.S. is now investigating possible Russian involvement in that case.
Polls suggest Macron would beat Le Pen in the runoff by at least 20 percentage points. The front-runner, who takes a tougher stance on Russia than Le Pen, has charged Kremlin-controlled media outlets with spreading baseless news about him. In March, Le Pen, who favors lifting sanctions against Russia, traveled to Moscow and was received by Russian President Vladimir Putin.
Macron aides said they don’t think the attacks on his campaign have succeeded.
Aurore Berge, a campaign adviser, said that campaign staff members "hardly use any email," banking instead on encrypted messaging services for most digital communication.
In an interview published Monday on French news website Silicon.fr , Mounir Mahjoubi, Macron’s director of digital operations, said hackers had "gathered all the names, public or semi-public, associated with the team of [Macron’s campaign] and targeted all of them."
Fake Logins
However, Mahjoubi told Silicon.fr that the campaign had taken measures to prevent spyware infection from such emails, and even counter-attacked the hackers, "by sending them massive numbers of fake logins and passwords." Calls by Bloomberg to Mahjoubi were not answered.
According to Trend Micro, other targets of Pawn Storm include German Chancellor Angela Merkel’s CDU party, which was attacked in May and June 2016, and the Konrad Adenauer Stiftung, a foundation associated with the CDU, hit earlier this month.
DEMS was a Leak,not Hack! Malware these days is so common,it is near impossible who has employed it! Just because it has a particular Signature doesn't mean that the Author of it has originated the attack!
raphael119: Hows your friend in Russia doing these days?
I have many good friends all over the world Rapeal ... many I've met and a few who are yet to be met, and they're all doing more or less very nicely thank you! The usual ups and downs of course, but ... you know ( oh, no sorry - you'd not know ) keeping their chins up!
You should try 'being decent to people' some time, and stop attacking people and countries that you're ignorant of ... ( that would be, for example, the USA and the RoTW ) who knows, you might be able to find a friend(s) too ?
May 11, 2017 5:08 AM CST Cyberattack on French presidential front-runner Macron ... could it be Russians?
BritishLondonManchester, Greater Manchester, England UK323 Posts
BritishLondonManchester, Greater Manchester, England UK323 posts
It's a moot point. The likelihood is this would do as much good as it does harm to the chances of Macron getting elected. I don't think the plan is to change the outcome, I think it is to discredit the outcome to manufacture chaos(and you're helping). When European nationalists are finally elected they will not be the friends of Putin which they seem to be at present.
May 11, 2017 5:23 AM CST Cyberattack on French presidential front-runner Macron ... could it be Russians?
BritishLondonManchester, Greater Manchester, England UK323 Posts
BritishLondonManchester, Greater Manchester, England UK323 posts
BritishLondon: It's a moot point. The likelihood is this would do as much good as it does harm to the chances of Macron getting elected. I don't think the plan is to change the outcome, I think it is to discredit the outcome to manufacture chaos(and you're helping). When European nationalists are finally elected they will not be the friends of Putin which they seem to be at present.
We're very vulnerable in a period of transition and change and Russia knows how up in the air we are. But that's no reason not to change knowing that doing so exposes a flank and also knowing that there are people in this world who really are out to get you. Knowing people are out to get you should not be an excuse for inaction, rather it should be a spur for doing more.
raphael119washington d.c., District of Columbia USA5,181 posts
HexagonKeySet: I have many good friends all over the world Rapeal ... many I've met and a few who are yet to be met, and they're all doing more or less very nicely thank you! The usual ups and downs of course, but ... you know ( oh, no sorry - you'd not know ) keeping their chins up!
You should try 'being decent to people' some time, and stop attacking people and countries that you're ignorant of ... ( that would be, for example, the USA and the RoTW ) who knows, you might be able to find a friend(s) too ?
Now you are USA and RoTW. ? You have more personae than twinkle toes!
Report threads that break rules, are offensive, or contain fighting. Staff may not be aware of the forum abuse, and cannot do anything about it unless you tell us about it. click to report forum abuse »
If one of the comments is offensive, please report the comment instead (there is a link in each comment to report it).
Cyberattack on French presidential front-runner bears Russian ‘fingerprints,’ research group says
By Rick Noack April 25 at 8:18 AM - Washingtonpost.com
French presidential election candidate for the En Marche movement Emmanuel Macron delivers a speech during a campaign rally in Reims on March 17. (François Nascimbeni/AFP via Getty Images)
PARIS — A security firm claimed Tuesday that a new cyberattack against the campaign offices of the front-runner in France's presidential race carried similar digital “fingerprints” to the suspected Russian hacking of the Democratic National Committee and others.
The report, released by the Trend Micro research group, did not disclose what possible fallout the infiltration had on the campaign of Emmanuel Macron, a centrist who is in a two-person runoff with far-right rival Marine Le Pen in the May 7 election.
But if a Russian connection was proved, the hacking would add to mounting allegations of Moscow-backed attempts to influence Western elections in favor of candidates with policies potentially more favorable to the Kremlin. Le Pen has voiced opposition to the powers of the European Union and has called for better ties with Russia, echoing some of the campaign rhetoric of President Trump.
[Le Pen goes from fringe right-winger to major contender]
Tokyo-based Trend Micro said Macron's campaign was targeted in March and April by a cyberspy group called “Pawn Storm.” It is the same group that has allegedly used phishing and malware to infiltrate other political organizations, such as Angela Merkel's Christian Democratic Union party in Germany and the Democratic National Committee.
“There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks,” said Rik Ferguson, the vice president of the company’s security research program.
“We cannot say for sure whether this was directed by the Russian government but the group behind the attacks certainly appears to pursue Russian interests,” added Ferguson, speaking from the company's London offices.
According to the research firm, the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations including Britain.
The phishing attacks discovered by the Trend Micro research group appear to be distinct from hacking allegations the Macron campaign itself made in February.
At the time, the campaign's secretary general, Richard Ferrand, said its websites and networks were under constant attacks from hackers believed to be located in Russia and accused the Russian government of trying to influence the election.
The French government's cybersecurity agency ANSSI confirmed the more recently discovered cyberattacks against Macron, but stopped short of drawing connections to the earlier hacking. The agency left open the possibility that the recent attacks could be the work of “other high-level” hackers trying to point the blame at “Pawn Storm.”
The Macron campaign did not immediately respond to a request for comment. The Russian government has denied any connections to the hackings.