According to Trend Micro researchers, the campaign of French presidential candidate Emmanuel Macron has been hit by the same Russian hackers who targeted Democratic campaign officials in the U.S. before last year's presidential election, the New York Times reports.
On March 15, the researchers say, they saw the Pawn Storm group (a.k.a. Fancy Bear, APT28 or the Sofacy Group) begin targeting Macron's campaign with phishing attacks seeking campaign officials' login information.
"The phishing pages we are talking about are very personalized Web pages to look like the real address," Mounir Mahjoubi, Macron's digital director, told the Times. "They were pixel perfect. It's exactly the same page. That means there was talent behind it and time went into it -- talent, money, experience, time and will."
Still, Mahjoubi said none of the attacks was successful.
He described the phishing attacks as the invisible side of a Russian campaign against Macron, with the visible side being fake news published on Russian news sites like Sputnik and RT.
Dmitri Peskov, spokesman for Russian president Vladimir Putin, denied that Russia was involved and told the Times that "this all recalls the accusations that came from Washington and which are still suspended in thin air."
Still, Trend Micro researcher Feike Hacquebord told the Guardian he's confident in his firm's attribution of responsibility for the attacks.
"This is not a 100 percent confirmation, but it's very likely," Hacquebord said, describing the attacks as "really in line with what they've been doing in the last two years."
The New Normal
Mimecast cybersecurity strategist Matthew Gardiner told eSecurity Planet by email that it looks like we have to get used to seeing politically motivated hacks by nation states. "The potential benefits to the perpetrators are too large and the costs of execution and the risks of getting caught are too low to worry them," he said.
"And note the likely reliance on spear phishing techniques, leveraging in this case similar domains, to fool the target into sharing sensitive information or to get them to hand over their login credentials," Gardiner added. "This has become part of the standard operating procedures for both cybercriminal and nation state attackers."
"Combine this with the fact that many organizations, political campaigns in particular, rely on email to conduct their business, but have neither sufficient security controls for this communication channel, nor do they have sufficient awareness or understanding amongst their users of the attacks that can so easily be executed via email," Gardiner said.
Travis Farral, director of security strategy at Anomali, said by email that while there's nothing that can be done to stop nation states from attempting these types of attacks, there is an enormous amount that can be done to protect against them.
"Intelligence sharing, not only amongst organizations involved in elections, but also between political organizations who may have already experienced attacks from nation states, can help develop proactive defenses against future attacks," he said.
"When organizations fail to share threat intelligence broadly, attackers ultimately benefit by being able to hack multiple targets using the same method, as well as avoiding attribution," Farral added. "Leveraging two-factor authentication and training staff to recognize and report phishing attempts are also highly recommended."