Russian hackers are targeting European governments ahead of May election

Russian hackers have targeted European government systems ahead of the EU parliament election, cybersecurity firm FireEye said Thursday.

The company found that two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they’re from a trusted party — in an attempt to obtain government information.

FireEye said European government institutions were sent emails with links to websites that appeared to be authentic, luring a person into changing their password and thus sharing their credentials with hackers.

APT28, more popularly known as Fancy Bear, is believed to be linked to Russian military intelligence agency GRU and has been labelled as one of the malicious actors behind the 2016 Democratic National Convention hack.

Sandworm, meanwhile, has also been tied to Russia and is believed to have been behind the NotPetya ransomware attacks last year which targeted mainly Ukrainian institutions.

The spying efforts of the two hacking groups appeared to be coordinated, but the tools used by both differed, FireEye said. The company said it noticed a “significant increase” in activity from the groups in mid-2018 and that the cyberespionage campaign is ongoing.

“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” Benjamin Read, senior manager of cyberespionage analysis at FireEye, said in a statement Thursday.

FireEye, founded in 2004, provides several cybersecurity services, including intelligence analysis, disaster response and outsourced managed security operations. The firm is reported to have worked with Facebook and Google to spot disinformation campaigns.

The firm’s findings are likely to fuel worries over the possibility that Russia may influence upcoming EU elections. As Europe braces itself for a fresh parliamentary vote in May, tensions are running high over the potential for foreign states like Russia to use their cyber capability to sway the results.

French President Emmanuel Macron recently called for a “European Renaissance” to combat cyber attacks and foreign funding for European political parties, while former NATO Secretary General Anders Fogh Rasmussen has warned Russia will be a “major malign actor” in the upcoming EU poll.

“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections creates a broad attack surface for hackers,” FireEye’s Read said.

FireEye said the cyberspying efforts were concentrated on NATO member states but declined to identify which specific organisations had been targeted. It also said it was unable to state whether any sensitive data had been leaked from institutions as a result. However, it added that cyber campaigns of this size are usually successful.

The Milpitas, California-based firm said the cyber attack also targeted French and German media outlets, Russian political opposition groups and Russia-linked LGBT organisations.

FireEye’s alert over Russian hacking follows a similar announcement from Microsoft. The tech giant said last month that hackers linked to Strontium — another name for APT28 — carried out phishing campaigns on think-tanks and non-profit organisations in Europe.


The information contained in this website is for general information purposes only. The information is gathered from CNBC. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.