Russia-linked hackers targeted Macron campaign

Hackers working for the Russian government sent a barrage of targeted phishing emails between 2014 and 2016 to employees of major news outlets, and they focused particularly on Al Jazeera in the days before and shortly following the US presidential election, according to new research by cybersecurity firm Trend Micro.

The researchers added to previous suggestions that the centrist politician was being singled out for electronic eavesdropping by the Kremlin.

The Macron campaign's digital security director, Mounir Mahijoubi, said that the campaign had spotted "a number of suspicious phishing and other kinds of attacks".

The firm was unable to tell whether any campaign staffers actually fell into any traps, or whether any campaign materials were compromised.

Macron, a centrist candidate, won the first round of the French Presidential election Sunday, taking home 24.01% of the vote.

Trend Micro believes the attackers contacted the Macron campaign using the domain "onedrive-en-marche.fr".

The security firm Trend Micro reports that the hacking group known as Fancy Bear, APT 28 and Pawn Storm attacked the French and German targets using similar phishing schemes to the one that caught the DNC.

She contends Macron's plan for France amounts to "fratricide" because, she says, it pits people and companies against each other, with the strongest winning. "Like the name suggests Pawn Storm will attack from different sides", Trend Micro explained. Party were presumably affiliated with the Fancy Bears' hack team, a group which private investigators working for the Hillary Clinton campaign have accused of being connected to Russian intelligence.

French officials have also tended to be more circumspect than their American counterparts, repeatedly declining to tie Pawn Storm to any specific actor.

Russian government officials have long denied claims that they are responsible for any state-sponsored hacking.

Asked about Trend's findings that Macron was under cyber attack, Kremlin spokesman Dmitry Peskov said on Monday: "What (hacking) groups?"

The Associated Press left several messages with the hacker or hackers who registered the rogue Macron websites. No message was received in return.

The attack was carried out by Pawn Storm, a cyber group with the same digital fingerprints as the GRU, the Russian military intelligence service, according to a 40-page report by Trend Micro, a Tokyo-based firm, to be published on Tuesday (25 April). In February, the campaign complained publicly of being targeted by Russia-linked electronic spying operations, although it offered no proof at the time.

"It is wrong to say that Russian Federation shows favouritism towards anyone among the candidates", he claimed, adding unprompted: "Russia has never interfered, doesn't interfere and will never interfere into electoral processes in other countries".

When asked about a report "on Russian malicious cyber activity" released by the Federal Bureau of Investigation and the Department of Homeland Security (DHS) in late December in an effort to link Russia to hacking the Democratic Party organizations, Spicer noted that the 13-page report is first and foremost "a how-to manual for the DNC [Democratic National Committee] as to how they can improve their IT security".