Researchers: Russia-linked hackers targeted Macron campaign

Researchers with the Japanese anti-virus firm Trend Micro say the campaign of French presidential front-runner Emmanuel Macron has been targeted by Russia-linked hackers, adding more details to previous suggestions that the centrist politician was being singled out for electronic eavesdropping by the Kremlin.

The campaign's digital chief, Mounir Mahjoubi, confirmed the attempted intrusions in a telephone interview late Monday but said they had all been thwarted.

"It's serious, but nothing was compromised," he said.

The French presidential race is not yet over. Macron faces far-right rival Marine Le Pen in France's presidential runoff on May 7. Macron favors a strong European Union, while Le Pen wants to pull France out of the bloc, weakening it.

Trend Micro said it discovered the campaign by monitoring the creation of rogue, lookalike websites often used by hackers to trick victims into giving up their passwords. The Tokyo-based firm recently detected four Macron-themed fake domains being set up on digital infrastructure used by a group it calls Pawn Storm, according to Trend Micro researcher Feike Hacquebord.

Mahjoubi confirmed that at least one of the sites had recently been used as part of an attempt to steal campaign staffers' online credentials.

Unmasking which group is behind this or that spying campaign is one of the most challenging aspects of cybersecurity, but Hacquebord said he was confident Trend Micro had gotten it right.

"This is not a 100 percent confirmation, but it's very, very likely," Hacquebord said, adding the political nature of the targeting was "really in line with what they've been doing in the last two years."

Trend Micro has stopped short of accusing any country of pulling Pawn Storm's strings, but American spy agencies and a variety of threat intelligence firms say that Pawn Storm, an extraordinarily prolific group also known as Fancy Bear or APT28, of being an arm of Russia's intelligence apparatus.

French officials have also tended to be more circumspect than their American counterparts, repeatedly declining to tie Pawn Storm to any specific actor.

Russian government officials have long denied claims of state-sanctioned hacking. On Tuesday, Kremlin spokesman Dmitry Peskov dismissed the most recent coverage as "anonymous, unsubstantiated reports."

The Associated Press left several messages with the hacker or hackers who registered the rogue Macron websites. None was returned.

Mahjoubi said the attempts to penetrate the Macron campaign date back to December. In February, the campaign complained publicly of being targeted by Russia-linked electronic spying operations, although it offered no proof at the time.

Trend Micro's report, which was produced independently of the Macron campaign and lists 160 electronic espionage operations across a series of targets, adds a measure of evidence to the notion, even if the fact that the rogue websites were registered in March and April doesn't line up with the campaign's timeline.

The French election, the first round of which Macron won Sunday with just over 24 percent of the vote, has been closely watched for signs of digital interference of any kind.

Many observers feared a repeat of the U.S. electoral contest in 2016, when hackers allegedly backed by Moscow broke into the email inboxes of the Democratic National Committee and other political operatives. Pilfered documents subsequently appeared on WikiLeaks and other more mysterious websites, putting the Democrats on the defensive during their losing campaign against Donald Trump.

___

Nataliya Vasilyeva in Moscow contributed to this report.

___

Online:

Raphael Satter is reachable on: http://raphaelsatter.com