The French newspaper Le Monde said it has received evidence of the involvement of the cybercriminals from APT28 (also known as Fancy Bear) and Sandworm in hacking the email of the campaign headquarters of French President Emmanuel Macron in 2017.Because of the cyberattack, the criminals uploaded tens of thousands of emails and documents to the Network a few hours before the end of the official campaign.
“Has been obtained technical evidence of the involvement of Russian special services in breaking into the correspondence of the headquarters of Emmanuel Macron. The correspondence of Macron’s headquarters was published in May 2017 on the eve of the second round of presidential elections in France. Earlier, both Macron, who won the presidential election as a result, and his entourage, stated that Russian hackers were behind the hack, but evidence was not provided”, – say Le Monde reporters.
Evidence of a cyberattack on the campaign was discovered by Google researchers on the fight against cyber piracy. According to the publication, the malicious campaign began in March 2017 before the first round of presidential elections in France.
According to Le Monde sources, the hacking of the Macron headquarters was prepared for several months. Hackers sent out phishing emails to steal passwords and personal data to both Macron’s relatives and close associates, and members of his Forward! Party.
“After the correspondence of Macron’s headquarters was published, it turned out that the metadata of the published letters featured George Petrovich Roshka, mentioned in open sources as an employee of ZAO Eureka. This company, in turn, calls itself a contractor for a number of Russian departments, including the Ministry of Defense and the FSB”, – writes Le Monde.
It was also reported that hackers used fake Facebook accounts to get information from friends of French President Emmanuel Macron.
Recall that the cybercriminal group APT28 is accused of attacks on the Montenegrin government and participants in the NATO and US conference on cyber warfare. Sandworm criminals attacked governmental officials in the European Parliament, and for a long time tried to infect Android phones with fraudulent applications. Attackers also tried to compromise Android developers with the aim of introducing malware into legitimate applications.