The hackers belong to a cyber espionage group linked by some experts to the Russian military intelligence agency GRU.
Feike Hacquebord, a researcher with security firm Trend Micro, said he had found evidence that the spy group, dubbed “Pawn Storm”, targeted the Macron campaign with email phishing tricks and attempts to install malware on the campaign site.
He said digital fingerprints linked the Macron attacks with those last year on the US Democratic National Committee (DNC) the campaign of presidential candidate Hillary Clinton, and that similar techniques were used to target German Chancellor Angela Merkel’s party in April and May of 2016.
“We have seen that phishing sites were set up and the fingerprints were really the same actors as in the DNC breach,” Hacquebord said.
Russia denied any involvement in the attacks on Macron’s campaign but there are advantages for Putin to have Le Pen as president. For a start, she will want to leave the EU which will be enough to collapse the bloc completely. A disunited EU would be better for Russia.
Security experts say Pawn Storm is known to let time pass before leaking stolen documents and that any hacking of Macron’s campaign in recent months is unlikely to influence the run-up to the May 7 second round. But, if documents have been stolen, they could be used to blackmail Macron as president should he win.
A spokesman for French government cyber security agency ANSSI confirmed the attacks on the Macron campaign, but declined to say whether the Russian-linked group was to blame.
“What we can prove is that it’s the classic operation procedure of Pawn Storm,” the spokesman said. “However, we will not attribute the attack because we can very easily be manipulated and the attacker could pass themselves off as somebody else.”
Macron, a liberal internationalist is not a big fan of Putin while e Le Pen has loaned cash from Russian banks and advocated pro-Kremlin policies.
Hacquebord said the Pawn Storm group set up four fake email phishing accounts to mount attacks against Macron’s “En Marche!”, or “Onwards”, using a fake server located at onedrive-en-marche.fr and similar site names in March and April.