Russian hackers have launched a spearphishing campaign against a number of European governments ahead of EU parliamentary elections in May.
The campaign, unearthed by researchers at FireEye, has been tied to two groups – APT 28 and Sandworm Team – both allegedly linked to the Russian government.
The rationale behind the campaign is unclear, but FireEye’s researchers speculated it may have been designed to gain access to sensitive documents as part of a Russian interference campaign.
“Russia could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” said FireEye analyst Benjamin Read. The data, Read added, could also help to inform Russia’s political decisions.
“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections create a broad attack surface for hackers.”
The email campaign works by luring victims into clicking on links that covertly download malware or direct users to fake sites which harvest their login credentials. In order to establish credibility, the hackers have registered internet domains and account names similar to those trusted by the targets.
In October, the US and UK governments joined forces to identify the GRU – the Russian military intelligence agency believed to be behind the Skripal poisoning – as the source of a series of cyber attacks carried out by APT 28, also known as Fancy Bear.
Investigators at the National Cyber Security Centre linked the agency to six high-profile cyber attacks, including hits on the US Democratic Party, Ukrainian infrastructure and the World Anti-Doping Agency.
The campaign described by FireEye appears to resemble the attack on the US Democrats in the run-up to America’s last presidential election, which resulted in the publication of leaked documents relating to Hillary Clinton.
Commenting on the research, Israel Barak, chief information security officer at Cybereason, said: “As we learned from the last US presidential election, there are treasure troves of sensitive information online on candidates, the opposition and foreign leaders.”
He added: “[For Russia], cyber intrusions, psychological operations, and propaganda to change the narrative about [the country] and sow discord to prevent unified action is most important.”