This story is over 5 years old.


Russian hackers are infiltrating European governments ahead of May elections, security firm says

FireEye says the cyber attacks by two Kremlin-linked hacking groups have increased significantly since mid-2018
Russian hackers are infiltrating European governments ahead of May elections, security firm says

Want the best from VICE News in your inbox? Sign up here.

Two Kremlin-linked hacking groups have been conducting a campaign to infiltrate European government systems in the months leading up to EU elections in May, according to a report published Thursday by U.S. cybersecurity company FireEye.

FireEye says in its report that the hacking groups—Sandworm and Fancy Bear—have been attempting to infiltrate the networks of governments across the continent, with attacks increasing significantly since mid-2018.


“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” Benjamin Read, senior manager of cyber espionage analysis at FireEye, said in a statement.

FireEye told VICE News that it was not revealing the identities of the governments targeted by these attacks or how successful they were, but said the campaign is “focused on NATO member states” in Europe.

Fancy Bear, also known as APT28, is the group accused by U.S. intelligence agencies of hacking the Democratic National Committee in 2016, while Sandworm is the group accused of hacking Ukraine’s electrical grid and causing a blackout for hundreds of thousands of people in 2015 and 2016.

This latest campaign saw the groups using spear-phishing email attacks to try and get employees of European governments to click on links designed to look like they come from real government websites. If victims clicked on the link, they were asked to change their password but were, in fact, handing their credentials to the hackers.

Analysts and lawmakers expect Russia to attempt to interfere in the EU elections in May, when 300 million people will vote to elect lawmakers to parliament in Brussels.

“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections creates a broad attack surface for hackers,” Read added.

Thursday’s report follows Microsoft’s announcement last month that APT28 was targeting European think tanks and non-profit organizations, including the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

“The Russians and other nation states have been trying to disrupt the election process long before the Cold War started,” Israel Barak, chief information security officer at cyber security company Cybereason, told VICE News in an email. “What's most interesting is the means with which foreign adversaries go about their dirty work today. With a few keystrokes they can carry out basic phishing scams that prey on individuals, as the staff members of candidates and elected leaders are the most vulnerable to opening attachments laced with malware” Barak said.

Cover Image: A screenshot of the Fancy Bear website seen on a computer screen in Moscow, Russia, Wednesday, Sept. 14, 2016. (AP Photo/Alexander Zemlianichenko)