FRANKFURT (Reuters) - The campaign of Emmanuel Macron, the favorite to win France's presidential election, has been targeted by a cyber espionage group linked by some experts to the Russian military intelligence agency GRU.
Feike Hacquebord, a researcher with security firm Trend Micro said he had found evidence that the spy group, dubbed "Pawn Storm", targeted the Macron campaign with email phishing tricks and attempts to install malware on the campaign site.He said telltale digital fingerprints linked the Macron attacks with those last year on the U.S. Democratic National Committee (DNC) the campaign of presidential candidate Hillary Clinton, and that similar techniques were used to target German Chancellor Angela Merkel's party in April and May of 2016."We have seen that phishing sites were set up and the fingerprints were really the same actors as in the DNC breach," Hacquebord told Reuters.Russia denied any involvement in the attacks on Macron's campaign.Security experts say Pawn Storm is known to let time pass before leaking stolen documents and that any hacking of Macron's campaign in recent months is unlikely to influence the run-up to the May 7 second round. But, if documents have been stolen, they could be used to undermine Macron's presidency should he win.A spokesman for French government cyber security agency ANSSI confirmed the attacks on the Macron campaign, but declined to say whether the Russian-linked group was to blame."What we can establish is that it’s the classic operation procedure of Pawn Storm," the spokesman said. "However, we will not attribute the attack because we can very easily be manipulated and the attacker could pass themselves off as somebody else."The Macron campaign was not immediately available to comment. In the run-off vote, Macron, a liberal internationalist who has been critical of Russian foreign policy, will face far-right leader Marine Le Pen who has taken loans from Russian banks and advocated pro-Kremlin policies.Hacquebord said the Pawn Storm group set up four fake email phishing accounts to mount attacks against Macron's "En Marche!", or "Onwards", using a fake server located at onedrive-en-marche.fr and similar site names in March and April. The attack was mounted using computers based in France, Britain and other countries, he said."These kinds of attacks are quite dangerous," Hacquebord said. "Credential phishing is probably a very good way to try and compromise a political party.""WHY RUSSIA?"Pawn Storm, one of the world’s oldest cyber espionage groups, has also been called APT 28, Fancy Bear, Sofancy and Strontium by a range of security firms and government officials. Security firm CrowdStrike has said the group may be associated with the Russian military intelligence agency GRU. Other U.S.-based firms Dell SecureWorks, FireEye