French Presidential Candidate Target Of Russian Hacker Phishing Attack

The French presidential election has been hit with a case of déjà vu. Emmanuel Macron’s campaign said its staff received phishing emails meant to steal their passwords.

Trend Micro said in a report set to be published today that they have found evidence of a phishing attack targeting French presidential candidate Emmanuel Macron. The emails and fake sites sites could have tricked campaign staff into entering their credentials and allow malware to infect their computers, their researchers stated. Candidate_Macron_campaign_phishing_attack.png

Macron, of the relatively new “En Marche” party which translates to “on the move”, will be in a runoff on May 7 against National Front candidate Marine Le Pen for the French presidency. Macron’s campaign confirmed to the Wall Street Journal that its staffers received emails leading to fraudulent websites, but that the attempts were blocked, but who knows if they really were.

The hacking group behind the phishing attempts was Russian APT28, a group tracked for years by many security researchers.  This group of criminal hackers is also known as Pawn Storm, Sofacy, Strontium, Fancy Bear, and SecureWorks calls them “IRON TWILIGHT“.  Here is a backgrounder on APT28.

As part of the attack, hackers set up multiple internet addresses that mimicked those of the campaign’s own servers in an attempt to lure Mr. Macron’s staffers into turning over their network passwords, said Feike Hacquebord, a senior threat researcher for Tokyo-based Trend Micro and the author of the report, a copy of which was reviewed by The Wall Street Journal.

Security researchers state it is highly likely APT28 are supported by the Russian Government, specifically the GRU which is the Russian military intelligence arm, the counterpart of the FSB (former KGB). APT28 “active measures” were trying to influence U.S. presidential elections and at the moment try to do the same thing in France and Germany.  Kremlin spokespeople deny everything vehemently. Yeah, sure.

What to do about It

SecureWorks recommends the following excellent best practices to prevent network compromise:

  1. Apply best-practice security controls such as regular vulnerability scanning and patching,
  2. Have network monitoring tools in place.
  3. User education reduces your susceptibility to compromise.
  4. Implement two-factor authentication (2FA) on internal and third-party webmail platforms.
  5. Encourage employees use 2FA on their personal accounts.
  6. Restrict work-related communication from personal email.

 

[contentblock id=74 img=gcb.png]

 Hello! 

CEO, Author of the #1 Risk to Small Businesses

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
A note to our visitors

This website has updated its privacy policy in compliance with changes to European Union data protection law, for all members globally. We’ve also updated our Privacy Policy to give you more information about your rights and responsibilities with respect to your privacy and personal information. Please read this to review the updates about which cookies we use and what information we collect on our site. By continuing to use this site, you are agreeing to our updated privacy policy.