Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 10 MINUTES AGO.
You are here: Home / Cybercrime / Macron Hackers Tied to U.S. Attack
Macron Hackers Linked to U.S. Cyberattack
Macron Hackers Linked to U.S. Cyberattack
By Alex Hern Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MAY
08
2017
The hackers behind a "massive and coordinated" attack on the campaign of France's president-elect, Emmanuel Macron, have been linked by a number of cybersecurity research firms to the same Russian-affiliated group blamed for attacking the Democratic party shortly before the US election.

Tens of thousands of internal emails and other documents were released online overnight on Friday as the midnight deadline to halt campaigning in the French election passed.

New York's Flashpoint Intelligence and Tokyo-based Trend Micro have shared intelligence that suggests that the hacking group known variously as Advanced Persistent Threat 28, Fancy Bear and Pawn Storm was responsible. The group has been liked with the GRU, the Russian military intelligence directorate.

Vitali Kremez, director of research at Flashpoint, said his review indicated APT 28 was behind the leak. APT28 last month registered decoy internet addresses to mimic the name of Macron's movement, En Marche!, which it probably used to send tainted emails to hack into the campaign's computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr.

"If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome," Kremez said.

Similarly identified links between the hacks, with the same organisation registering a phishing address used in the DNC hacks in April 2016 and the Macron address in March this year. That organisation had also registered domain names with the apparent purpose of stealing details from Germany's CDU and KAS, and from Montenegrin members of parliament.

Macron, an independent centrist, won Sunday's runoff election against the far-right Marine Le Pen by a 66% to 34% margin.

EU capitals expressed relief that France had proven not to be the next domino to fall after Britain's Brexit vote and Donald Trump's election as US president. A congratulatory statement from the Kremlin, which had been widely seen as backing Le Pen, urged Macron to work with Russia to "overcome mutual mistrust and unite to ensure international stability and security."

A number of factors appear to have lessened the impact of the hacks, from the late date when the stolen data was released -- two days before Sunday's second round runoff vote -- to the rapid response of the French electoral authorities.

The presidential electoral authority, the CNCCEP, warned broadcasters and the public to avoid sharing details gleaned from the documents, 9GB of which were posted by a user calling themselves Emleaks to the anonymous data-sharing site Pastebin.

A third factor diminishing the impact of the hacks may have been the response of the Macron campaign, which intervened an hour before the legally imposed blackout on public statements from election candidates to report that many of the documents being shared were fake.

The Daily Beast claimed that rather than being faked by the hackers or those reposting the data, the bogus information had been planted by the Macron campaign, which had become aware it was the target of a phishing campaign and flooded the hackers with false information.

Despite the strong technical abilities believed to be possessed by APT 28, its primary route of attack is a simple yet effective method known as spear phishing: creating fake login pages targeted at individuals in an attempt to encourage them to enter their usernames and passwords, giving the hackers access to confidential information. They can then repeat the process, using the confidential information to craft even more convincing phishing pages, until they have stolen significant amounts of data.

The Macron campaign reportedly turned this strategy around by flooding "these addresses with multiple passwords and logins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out," according to Mounir Mahjoubi, the head of Macron's digital team.

© 2017 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

A Researcher:
Posted: 2017-05-15 @ 5:33pm PT
ZOMG ! The Rooskies are eating our internetz!

Daily Beast is your source? Really?

Sad!

A Researcher:
Posted: 2017-05-15 @ 5:27pm PT
Well since the DNC refused to turn over their servers to law enforcement after the incident, I'm gonna be the one to call B.S.

Like Us on FacebookFollow Us on Twitter
MORE IN CYBERCRIME
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.