Cyber-espionage warning: Russian hacking groups step up attacks ahead of European elections

Researchers at FireEye say Kremlin-backed hacking operations are attempting to target governments, media and political parties as elections approach.
Written by Danny Palmer, Senior Writer

Russian state-backed hacking groups are actively targeting governments, media and political parties across Europe as part of a cyber-espionage campaign ahead of the European Union elections in May – and a series of national elections set to take place this year.

Threat researchers at cybersecurity company FireEye have issued a warning about ongoing malicious activity targeting Europe during 2019, with the two groups behind the attacks thought to be linked to the Kremlin.

One of them is the hacking group FireEye refer to as APT28, also known as Fancy Bear. The operation is widely believed to have made efforts to influence the 2016 US Presidential election and has been involved in a large number of cyber-espionage campaigns targeting embassies and other organisations.

The second group engaging in malicious activity is known as Sandworm Team, a hacking group linked to Russia's GRU intelligence agency.

The groups appear to be working together, and they're attempting to conduct cyber-espionage campaigns across Europe, with tailored spear-phishing messages as the opening gambit for the attacks.

For example, targets within European governments have been sent spoofed emails that appear to link directly to real government websites. However, these links are malicious, with the goal of dropping malware onto the system of the victim, or encouraging them to enter their credentials, which will then be harvested and exploited by the attackers.


"They tailored phishing in several cases we observed. They even faked local institution websites and content to encourage their victims to share credentials," David Grout, EMEA CTO at FireEye, told ZDNet.

"The attackers are using several phishing technologies, including some large-scale approaches and tailored approaches to increase their chance in getting the information they are looking for."

Researchers believe the attacks have several objectives: to collect information and credentials for future operations, to understand each of the target countries and groups to help make decisions on how to act and to collect enough intelligence to build and conduct disinformation campaigns.

"The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections," said Benjamin Read, senior manager of cyber-espionage analysis at FireEye.

Researchers haven't detailed the specific targets of the campaign or if any of the attacks have been successful.

However, up to 300 million citizens across the European Union's member states are set to vote in European parliamentary elections in May. Parliamentary elections are also set to take place in a number of European countries over the course of the year: they include Finland, Belgium, Spain, Denmark, Greece, Poland, and Portugal.

FireEye says it has notified organisations that have been targeted by attacks and is advising and informing them to help understand the attackers, the tools they use, and the techniques used to lure users into falling victim to attacks.

