French citizens have elected the centrist Emmanuel Macron as president, despite an unwelcome last-minute leak of his campaign’s documents over the Internet. Late Friday evening, Macron found thousands of files and e-mails relating to his campaign, totaling at least nine gigabytes, shared online. Just ahead of the country’s midnight campaigning cutoff, Macron’s En Marche! team had time to alert the public to the fact that the document dump was the result of a hack, and took the opportunity to implore media organizations to report on the news responsibly. As CNBC points out, French law bans the media from covering the election in the run-up to voting, which means that domestic publications had little chance to run the story. That didn’t stop bots on Twitter, though, which appear to have been widely circulating links during the weekend.
The Guardian reported Monday that two security research firms, Flashpoint Intelligence and Trend Micro, both believe that the Russian hacking group sometimes known as Fancy Bear or Advanced Persistent Threat 28 was behind the attack. That’s the same outfit believed to be responsible for attacks leveled at the Democratic party during the 2016 U.S. presidential elections, and one that’s also thought to be tied to the Russian army’s foreign military intelligence agency.
It appears that the hacks were made possible by spear-phishing attacks, in which En Marche! team members were sent links purporting to be from reputable services in order to obtain login credentials. Analysis of the techniques used suggests that Fancy Bear hackers were responsible for both the fake websites used during the Macron hacks and those that helped them target the Democratic party.