U.S. and U.K. authorities charged Russian state-backed hackers with having carried out a complex attack on Emmanuel Macron’s presidential campaign in 2017, even as the French government has yet to officially attribute responsibility for the hack.
Late on Monday, U.S. federal grand jury unsealed an indictment charging six Russian nationals with attacking thousands of companies, government institutions and other entities in the West, including Macron’s campaign.
Incidents range from the highly destructive NotPetya attack in 2017 — a ransomware outbreak that began in Ukraine and caused devastating losses for companies around the world — to a 2018 attack on the Winter Olympic Games.
“Victims included … France, through spearphishing campaigns in and around April and May 2017 targeting local governments entities, political parties, and campaigns, including [Marcon’s] ‘La République En Marche!’ political party in connection with Marcon’s 2017 presidential campaign,” the indictment said.
The attribution of the campaign to Russia’s military intelligence by London and Washington underscores determination to counter state-backed cyber activity ahead of a presidential election in the United States, even though the targeted individuals are unlikely to be arrested unless they attempt to travel to a country willing to extradite them to the charging countries. The French government itself has never officially attributed the attack.
The breach of emails from Macron’s campaign came two days before the May 7, 2017 election during a state-mandated blackout on election-related media, which severely limited the leak’s impact on the vote. Analysts have long suspected Russia’s involvement in the breach. In the months leading up to the vote, the Macron campaign accused Russia of targeting its servers and spreading disinformation to influence the election.
But an investigation by France’s National Cybersecurity Agency ANSSI in the weeks that followed the vote rendered inconclusive results. The agency’s head Guillaume Poupard then told the Associated Press the attack that caused the emails to leak “was so generic and simple that it could have been practically anyone.”
Macron has not publicly attributed the attack since. But the French president has called out at Moscow for its cyber aggressions: Russia “will remain a country that tries to intervene” in European elections, he told a crowd at the Munich Security Conference this year, adding “we need to be clear on who did [meddle in elections] and we need to agree on sanctions.”
The European Union in July adopted its first round of cyber sanctions ever, targeted at the same GRU Unit 74455 (also known as “Sandworm” and “Voodoo Bear”) that was charged by U.S. prosecutors on Monday. European officials said the unit was behind the NotPetya incident and attacks on the Ukrainian power grid in 2015 and 2016.
EU countries are also very close to adopting sanctions on the GRU hackers that attacked the German Bundestag in 2015 and breached officials’ emails, two diplomats told POLITICO this month.
But the bloc so far hasn’t followed up with sanctions on the 2017 presidential campaign hack in France.
Eric Geller contributed reporting.