According to a forthcoming report by security vendor Trend Micro, the Russian hacker group Pawn Storm, also known as Fancy Bears, APT28 and Sednit, is behind the waves of cyberattacks that have targeted the website and staff of Emmanuel Macron's political movement En Marche.
The veil is beginning to lift on the origin of the cyberattacks that affected En Marche, the political movement launched by Emmanuel Macron last year. According to a report by Trend Micro and security researcher Feike Hacquebord, to be published shortly, the Russian hacker group Pawn Storm, also known as Fancy Bears, APT28 or Sednit, is involved.
According to Hacquebord, there is evidence that this group tried to install malware on the En Marche website and also sent phishing emails to members of Emmanuel Macron's political movement. The “digital fingerprints” and hacking techniques used appear to be identical to those found in previous cyberattacks against Hillary Clinton, the former candidate in last November's US presidential election, and against German Chancellor Angela Merkel in April and May 2016.
The hacking of Emmanuel Macron’s En Marche campaign site was facilitated by a failure to update the WordPress CMS software. (credit: bluetoof)
4 phishing waves between March and April 2017
Last February, Emmanuel Macron’s campaign site had to deal with numerous attacks, made easier for the hackers by the fact that the WordPress installation behind the En Marche site had not been updated. “At the start of the campaign, we had not updated our WordPress site and hackers took the opportunity to bring down our site,” said Mounir Mahjoubi, head of Emmanuel Macron’s digital campaign and former president of the National Digital Council, during a debate on cyber risk at the Cercle evening on February 23. In addition to the attacks on the movement's site, phishing e-mails also targeted En Marche employees.
Trend Micro recorded four waves of booby-trapped e-mail campaigns, each using a different domain name: onedrive-en-marche.fr (March 15, 2017), portal-office.fr (April 14, 2017), mail-en-marche.fr (April 12, 2017) and accounts-office.fr (April 17, 2017). “We have detected these domain names and several others”, confirmed Mounir Mahjoubi to our colleagues from 20 Minutes, specifying that sensitive information is shared not by email but via more secure messaging services such as Signal or Telegram.