Security firm FireEye says Russian hackers have been spearphishing European governments ahead of May’s European Parliament elections.
The news, first reported by CNBC, confirms previous reports of malicious activity by Kremlin-backed groups.
According to FireEye, one group is APT28, also known as Fancy Bear and Strontium – widely believed to have been behind the phishing attacks on the Democratic National Committee (DNC) in 2016. Last summer, Microsoft took control of six internet domains run by the group that were attacking US political groups.
The other hacking group identified by FireEye is Sandworm, also claimed to have carried out last year’s NotPetya attack on Ukranian and other institutions.
FireEye suggests that the aim of these latest attacks could be simple cyberespionage – or an attempt to gather and leak information that could be damaging to certain parties or candidates. As well as the European election, the hackers are believed to have been targeting parliamentary elections planned for this year in Finland, Belgium, Spain, Denmark, Greece, Poland and Portugal.
Employees within these and European governments have been receiving spoofed emails containing malicious links that appear to connect to real government websites. They’ve been hit with malware, and also encouraged to enter credentials that could allow information to be harvested.
“As we learned from the last U.S. presidential election, there are treasure troves of sensitive information online on candidates, the opposition and foreign leaders,” comments Israel Barak, chief information security officer at security firm Cybereason.
“In addition, if countries can glean information about military strategy, doctrine, weapons systems deployment, etc, etc, rest assured the networks where the information resides will be attacked.”
FireEye isn’t releasing details of which organizations were targeted and says it couldn’t say whether any sensitive data has actually been leaked – though it added that such hacks were usually successful. It says it’s notified the targeted organizations and is offering advice.
Earlier this week, Europol warned that the EU needed to prepare for large-scale cyber-attacks with ‘serious repercussions’. The Council of the European Union has adopted an EU Law Enforcement Emergency Response Protocol focusing on rapid assessment, secure and timely sharing of critical information and effective international coordination.