All of the four fake domains were registered by someone using the same email address; email@example.com. (Whoever controls that account did not respond to a request for comment.)Associated Press reporter Raphael Satter also found this link on Monday. And a Trend Micro spokesperson confirmed to Motherboard that these are indeed the four domains they identified.Here's a graph showing all the connections and links between these domains.
All these tactics, according to ThreatConnect, are consistent with past tactics employed by Fancy Bear. But without more information on the actual phishing messages used against Macron, "we cannot definitively confirm that Fancy Bear is behind this," as Kyle Ehmke, senior intelligence researcher at ThreatConnect, told me.Fancy Bear or no Fancy Bear, however, it's clear someone was trying to hack Macron. If some of his emails, or those of his staffers, mysteriously appear online before the second round of the elections on May 6 and 7, we'll get a better idea of who tried to hack him.Subscribe to Science Solved It, Motherboard's new show about the greatest mysteries that were solved by science.
The attempts were "serious, but nothing was compromised."