Fancy Bear may have stumbled in the French election but they’re still wreaking havoc across Western Europe. And despite the failure of what many suspect was their attempt to disrupt the victory of Emmanuel Macron’s political campaign, the infamous Russian hackers haven’t yet adapted their tactics, say cybersecurity experts.
In France, Fancy Bear was suspected of hacking Macron’s email account, presumably in an attempt to boost right-wing candidate Marine Le Pen. The hack led to a massive dump of leaked documents just days before this month’s election, but it proved ineffective due to French resistance to fake news and social media and to the Macron campaign’s effective counterattack–reportedly setting up its own fake sites and accounts to confuse the hackers.
But the group continues to pursue digital attacks across the world, in an effort to steal sensitive information and promote Russian interests through leak-based propaganda campaigns, experts say.
“A lot of their activity goes pretty unnoticed in the West, because a lot of it focuses on Eastern Europe and Central Asia,” says John Hultquist, director of cyber-espionage analysis at security firm FireEye. The group has targeted political figures in Montenegro, for instance, as the Balkan country–once part of Soviet-aligned Yugoslavia–moves to join NATO.
“Obviously that has repercussions for Russian influence in the area,” says Hultquist.
Fancy Bear has also been active in Germany, hacking computers of the country’s parliament in 2015 and subsequently attacking Chancellor Angela Merkel’s party and reportedly sending phishing emails to affiliated political research organization earlier this year. Die Zeit, a respected German newspaper, warned earlier this month that “it is quite possible that emails from the chancellor will soon appear during the election campaign” leading up to a vote in September that will determine whether Merkel’s party continues to control the legislature. The group hasn’t been spotted to the same extent in the U.K., where elections are slated for June 8, though security firm SecureWorks reported earlier this year that Fancy Bear penetrated a network belonging an unnamed television network in the country in 2015 and 2016.
Part of the reason for Fancy Bear’s relentlessness is due to the perception that their attacks go unpunished. Though the hackers suspected of hacking the Democratic National Committee and Hillary Clinton campaign chairman John Podesta’s email accounts inarguably impacted the election, leading to the victory of Russian president Vladimir Putin’s preferred candidate, they’ve paid a relatively small price for the attacks, says Chris Finan, cofounder and CEO of security startup Manifold Technology and a former White House cybersecurity advisor. “What consequences have…