Cyber Security

Russian DNC Hackers Are Now Targeting Germany’s Merkel — Report

In run-up to elections, her party faces an attack campaign that began over a year ago, a new report says

Photo Illustration: R. A. Di Ieso
Apr 25, 2017 at 8:00 AM ET

A Kremlin-affiliated hacker group has been targeting German Chancellor Angela Merkel’s party for more than a year, a new report says — and the campaign is still ongoing.

The report, by cybersecurity firm Trend Micro, has found that Russian intelligence-affiliated hackers broadly known as APT28 have gone after institutions connected to Merkel at least three times in just over a year. It comes a day after Trend Micro also concluded that APT28 appeared to target French presidential candidate Emmanuel Macron in the lead-up to France’s elections as well.

Known by a host of names, including Fancy Bear and Pawn Storm, APT28 has long been accepted by cybersecurity experts as an operation from the Kremlin’s GRU, or Main Intelligence Directorate, which functions as the Russian government’s primary foreign intelligence agency. It’s been cited by cybersecurity firms, journalists, and independent investigations by the FBI, CIA, and NSA as the group behind the hacking and distribution of files relating to Democratic candidate Hillary Clinton and her party during the 2016 election.

Now, along the same lines, Trend Micro has reported that similar attacks have targeted Merkel’s Christian Democratic Union (CDU) Party in Germany as Merkel runs for reelection in September.

The attacks, in both instances, begin with a fairly simple hacker technique: a phishing attack, meaning that a user is tricked into believing a fake login page is real, and proceeds to give their email address and password to the hacker.

Trend Micro’s reports found that on at least two separate occasions, in April and May 2016, fake websites posing as CDU sites, hosted at the domains webmail-cdu.de and support-cdu.de respectively, were actually APT28 phishing attacks. They seem to have been unsuccessful, with the German government catching and reportedly fending off the attacks.

But in a more recent attack, still ongoing as of Monday, APT28 is trying to phish credentials for Konrad Adenauer Stiftung, a think tank associated with CDU, according to Feike Hacquebord, a senior threat researcher at Trend Micro. A recent screengrab of such a phishing page, provided by Trend Micro to Vocativ, is below.

 

That’s not to say that such attacks are meant to singlehandedly cause Merkel’s downfall. Instead, they may be part of a much broader campaign to target her party in general and access potentially damaging internal communications. Acquiring access to one person’s email address, for instance, makes it easier for a hacker to in turn pose as that person to hack their colleagues.

“Our researchers say these are soft targets, and possibly are launching points to other, more high value targets. It could function as a stepping stone. The actual activity is still ongoing, even as of today,” Hacquebord told Vocativ.