Two foundations tied to Germany’s ruling coalition parties were attacked by the same cyberspy group that targeted the campaign of French presidential favourite Emmanuel Macron, a leading cyber security expert said on Tuesday. The group, dubbed “Pawn Storm” by security firm Trend Micro, used email phishing tricks and attempted to install malware at think tanks tied to Chancellor Angela Merkel’s Christian Democratic Union (CDU) party and coalition partner, the Social Democratic Party (SPD), Feike Hacquebord said. Hacquebord and other experts said the attacks, which took place in March and April, suggest Pawn Storm is seeking to influence the national elections in the two European Union powerhouses. “I am not sure whether those foundations are the actual target. It could be that they used it as a stepping stone to target, for example, the CDU or the SPD,” Hacquebord said.
The mysterious cyberspying group, also known as Fancy Bear and APT 28, was behind data breaches of U.S. Presidential candidate Hillary Clinton and Merkel’s party last year, Hacquebord said. Other security experts and former U.S. government officials link it to the Russian military intelligence directorate GRU. Hacquebord and Trend Micro have stopped short of making that connection.
Russia has denied any involvement in the cyber attacks. Since 2014, Merkel has pushed the European Union to maintain sanctions on Russia over its actions in eastern Ukraine and Crimea. Her coalition partners, the Social Democrats, back a more conciliatory stance towards Moscow. “What we are seeing is kind of a replication of what happened in the United States,” David Grout, a Paris-based technical director of U.S. cyber security firm FireEye, said of technical attacks and efforts to spread fake news in Europe.
Hacquebord said on Monday he had found new evidence that Macron’s campaign was targeted by Pawn Storm.