Investigation
Russian spies or US neo-Nazis: Who hacked Macron?
A US cyber security firm has published new claims that a Kremlin-linked group was behind the recent cyber-attack on France’s incoming leader, Emmanuel Macron.
The US-based firm, Flashpoint, said on Friday (12 May) that 38 emails in the Macron cache, which was leaked on 5 May, on the eve of the French vote, contained links to “phishing” websites set up by a hacker group called Fancy Bear.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
Phishing is a kind of attack which tries to steal people’s passwords by sending them links to bogus sites.
Fancy Bear, also known as Pawn Storm, is a group said by US intelligence to be a front for Russia’s GRU military intelligence service.
“Flashpoint identified phishing emails in the contents of the leak that distributed links to domains associated with Fancy Bear”, it said.
It noted that some of the leaked emails also contained data pointing to a Russian firm that was linked to Russia’s FSB intelligence service, but it said it was “possible that this metadata is a false flag planted in order to implicate Russian-speaking actors”.
Despite the caveat, it added: “Flashpoint currently assesses with moderate confidence that Fancy Bear is likely linked to the hack and leak”.
It ruled out “hacktivist groups” and “criminal groups” on grounds that these would have either sought publicity or money for the stolen data.
It also said that “the threat actors who undertook this leak will likely continue targeting Macron and other European leaders in order to destabilise European political systems”, adding that the upcoming elections in the UK and Germany were at risk.
The head of a US intelligence service, the National Security Agency (NSA), earlier this week also said Russia hacked Macron.
But other experts were less sure.
Trend Macro, a Japanese-based firm that has tracked Pawn Storm’s activity for over two years, has said the group tried to hack Macron in March.
But Loic Guezo, its Paris-based expert, recently told EUobserver the 5-May operation looked too amateurish to be Pawn Storm/Fancy Bear and could have been the handiwork of an individual far-right activist.
Commenting on Flashpoint’s analysis on Friday, Guezo said the fact that 38 of the thousands of leaked Macron emails contained Pawn Storm/Fancy Bear links did not mean that any of those 38 links was instrumental in the attack.
“It’s not because you see some phishing coming from Pawn Storm that the global leak is traceable to Pawn Storm”, he said.
A separate investigation by Le Monde, a French newspaper, published on Friday also highlighted the fact that US-based neo-Nazi activists had boasted on internet forums that they had got hold of anti-Macron material.