Cyber Security

Report: Russians Who Hacked Clinton Campaign Now After France’s Macron

France is down to two presidential candidates. One takes photos with Vladimir Putin. Guess which one the Kremlin prefers?

Cyber Security
Getty Images
Apr 25, 2017 at 5:46 PM ET

The same hacker group that attacked the Democratic Party during the 2016 U.S. Presidential election, which was widely believed to be an extension of Russian government intelligence, is attacking French presidential candidate Emmanuel Macron, a new report says.

The group, alternately known as APT 28, Fancy Bear, and Pawn Storm, has in recent years set up phishing attacks for defense departments, political parties, and think tanks in targets in dozens of countries across western Europe, the Middle East, and South America, according to a new study by cybersecurity firm Trend Micro.

When an agent believed to be APT 28 attacked the Democratic Party in 2016, it was independently identified by a wide range of sources, including cybersecurity firms, the NSA, CIA, and FBI, and journalists as the Kremlin GRU, or Main Intelligence Directorate, the Russian government’s largest foreign intelligence agency.

More Russian DNC Hackers Are Now Targeting Germany’s Merkel — Report

DNC files were then sporadically leaked by several agents, including a hacktivist persona that called itself Guccifer 2.0. Guccifer 2.0 claimed to have given a number of files to WikiLeaks, which in turn also leaked files in the months leading up to the election, prompting significant negative media coverage for Democratic candidate Hillary Clinton.

But APT 28 has attacked far more than just the DNC, Trend Micro’s survey found.

More Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack

Dozens of groups — including military targets and political parties seen as tough on Russia, like German Chancellor Angela Merkel’s Christian Democratic Union Party — have been targets, reaching back at least to 2013. It’s unclear how many have been victims, though there are few obvious ones: Both the DNC and the World Anti-Doping Association, the committee that penalized Russia for its doping program by banning some athletes from the 2016 Olympics, have seen private files leak online.

“How they’ve done these attacks, and who, generally speaking they’ve been targeting over the last several years, isn’t new. What’s new is the fundamental shift in propaganda campaigns associated with these attacks,” Feike Hacquebord, a senior threat researcher at Trend Micro, told Vocativ. In other words, though Russia has tried to obtain access to private files for years, only recently has it started strategically leaking information to gain some advantage.

It does seem, at least, that governments have learned from U.S. Democrats’ mistakes. Germany has reportedly spotted the attacks and warned the CDU and an affiliate think tank that is currently under attack. Macron’s campaign has claimed it is aware of being targeted and has not fallen for phishing attacks.