The same hackers who accessed the computer systems of the Democratic National Committee (DNC) last year also targeted the campaign of Emmanuel Macron, one of two remaining candidates in the current French presidential election, according to security firm Trend Micro.
The group, known in the security community as Fancy Bear or Pawn Storm, among other code names, set up a URL that masqueraded as a Microsoft OneDrive account in order to capture information from the Macron campaign, Trend Micro said in a report published on Tuesday.
The OneDrive phishing attempt, which started last month, used the URL "onedrive-en-marche.fr" to attempt to spoof users, although it's unclear whether or not it allowed the hackers to successfully breach the campaign's computers. The phishing attempt appears similar to the methods that hackers used last year to gain access to the DNC's computer systems.
"There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example," Rik Ferguson, vice president of Trend Micro's security research program, told the Washington Post. "We found similarities in the IP addresses and malware used in the attacks."
Trend Micro said Pawn Storm frequently targets victims like political parties and candidates that are at odds with Russian geopolitical interests. Crowdstrike, another security firm that investigated the DNC hack, suggested last summer that the group, which it refers to as Fancy Bear, is aligned with GRU, Russia's military intelligence service.
Many of the group's phishing campaigns resemble the login screens of major email services with remarkable accuracy, according to Trend Micro's report. In addition to phishing, the group also relies on DNS attacks to gain access to victims' computers.
The group's most recent target, according to Trend Micro, is the Konrad Adenauer Foundation, a German political think tank, which was hit with a phishing campaign on March 5.