AGATHE DAHYOT FOR "LE MONDE", AFTER AFP
Investigation. For the first time, technical evidence supports the involvement of two groups of hackers, linked to Russian intelligence, in the hacking of Emmanuel Macron's campaign team.
Month after month, the pieces of the "MacronLeaks" puzzle are emerging and coming together. More than two years after the hack that targeted Emmanuel Macron's campaign team in 2017, which resulted in the publication of the contents of several e-mail accounts just before the second round of the presidential election, new clues have surfaced. For the first time, elements collected by Le Monde provide technical evidence of the coordinated involvement of two units of Russian state hackers in this attempt to destabilize the presidential election.
At the end of November, two members of the Google research group that tracks the most sophisticated hacker groups presented some of their work at a specialized conference. We were able to consult the slides they produced for this presentation: they contain previously unpublished information on the event and on those responsible for the "MacronLeaks".
FireEye, a specialist company, has also unearthed details of this hack. Less known to the general public and also specializing in hunting the most advanced hackers, it has spent the last few years analyzing the Russian state apparatus in cyberspace. Its work on the hacking of the En Marche! team, recorded in 2018 in a document reserved for its clients, which we were able to read, was also partly made public in the latest book by the specialized journalist Andy Greenberg, which has just been published in the United States (Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers, Doubleday, 2019).
Hackers from, or close to, Russian military intelligence
According to these sources, the hackers who targeted the French presidential election were no amateurs. On the contrary, two highly specialized units linked to the Russian military intelligence service, the GRU, successively targeted the e-mail accounts of people close to the future President of the Republic.
The operation dates back to early March 2017, a few weeks before the first round of the election. A first group of hackers, well known to industry experts and referred to by the code name APT28, began sending e-mails designed to trap their targets and steal their login IDs and passwords.
It is now known that the contours of APT28 match those of Unit 26165 of the GRU