SAN FRANCISCO — The same Russian hackers who breached the email servers of the Democratic National Committee in 2016 are now focusing their attention on the European elections, according to a new report due to be published on Tuesday by the cybersecurity firm Trend Micro.
The report offers a two-year overview of a group of Russian hackers who are known under various names, including Fancy Bear, Pawn Storm, and APT 28. The group uses a variety of techniques but most commonly relies on spear phishing emails to trick their victims into allowing them into their systems. The emails, which appear innocuous but include dangerous malware, were how Russian hackers first made their way into the email servers of Democratic Party officials. The subsequent release of information taken from those servers, the US believes, was part of a Russian effort to influence the 2016 presidential elections.
Now, it appears they are using the same strategy to target the upcoming German elections.
“I think some of this activity is even happening today, some of these spear phishing emails are going out today,” said Ed Cabrera, chief cybersecurity officer at Trend Micro. In one screenshot Trend Micro provided to BuzzFeed News, the hackers appeared to be targeting the Konrad Adenueu Stiftung, a German think tank that is affiliated with the Christian Democratic Union (CDU) party of German Chancellor Angela Merkel. The hackers set up multiple internet addresses that mirrored those of the think tank to trick people into entering their passwords and other information.
In the past, the same Russian hackers, who also infiltrated HIllary Clinton campaign chair John Podesta’s emails, have targeted American think tanks as a way of getting access to political groups. Once a think tank is compromised, hackers can send email purporting to be from a trusted person at the think tank to a political official, with a much higher chance of getting that official to open a document, or email attachment, that seems to come from a source they know.
German intelligence agencies have warned that Russian hackers could attempt to disrupt Germany’s upcoming federal elections using methods that mirror those used in the US election. Their efforts appear to focus on destabilizing Merkel, who is running for re-election in September 2017. The move is seen as part of a broader effort by Russia to destabilize the European Union, while at the same time pushing pro-Russian agendas in Eastern Europe.
Trend Micro’s report also revealed that the Russian hackers tried to access the campaign email account of French presidential candidate Emmanuel Macron in recent weeks through spear phishing emails. Macron, a centrist who advocates a strong pro-EU stance to combat meddling from Moscow, has accused Russia of intervening in France’s elections in the past. Macron received the highest number of votes in the first round of the French elections on Sunday, and will face a runoff on May 7 against National Front leader Marine Le Pen. Le Pen is believed to be favored by Moscow due to her anti-EU and NATO stances.
Cabrera said Trend Micro has alerted French and German authorities to the activity targeting their elections.
Kremlin spokesman Dmitry Peskov denied accusations that Moscow had meddled in either the French or German elections, telling Russian news agencies Monday, “I repeat once again: Russia has never interfered, isn’t interfering and will never interfere in the electoral processes of other countries.”
Outside Your Bubble is a BuzzFeed News effort to bring you a diversity of thought and opinion from around the internet. If you don’t see your viewpoint represented, contact the curator at firstname.lastname@example.org. Click here for more on Outside Your Bubble.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.