A sophisticated hacking collective with suspected links to the Kremlin has been launching cyberattacks against the political party of German Chancellor Angela Merkel since April, according to security researchers at Trend Micro.
The ongoing siege against the Christian Democratic Union (CDU) appears to have been orchestrated by the well-known group known as Pawn Storm, with the aim of stealing personal and corporate government data. The hackers, targeting two popular email services, used a coordinated phishing attack against the CDU and other targets in Latvia and the Netherlands, Trend's research has revealed.
"A fake corporate webmail server of CDU was set up in Latvia for advanced credential phishing," Feike Hacquebord, senior threat researcher, said in a blog post. "Around the same time, three domains were created for credential phishing targeting high-profile individual users of two German free webmail providers.
"The main fake webmail server of CDU was set up in Latvia, but the free webmail credential phishing sites are on servers of the Virtual Private Server provider in the Netherlands."
Since its emergence in 2004, Pawn Storm has earned its notoriety in cyber-crime circles for its effectiveness in targeting governments, armed forces, defence firms and media organisations across the globe. According to Trend's analysis, the group's targets all have one thing in common: it focuses only on entities that are perceived as enemies of Russia. A year ago, the group compromised computers in the German parliament by spreading malware, and hackers affiliated with Russia were suspected to be to blame.
Hacquebord said: "Pawn Storm attackers often conduct sophisticated, simultaneous attacks against targets' corporate and personal email accounts. The attackers build a fake version of the corporate webmail server of the targeted organisation and at the same time attack key members of the organisation on their private free webmail accounts. Credential phishing is an important espionage tool: we have witnessed Pawn Storm downloading complete online email boxes and securing future access by, e.g., secretly setting up forwarding e-mail addresses."
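The covert forwarding address Hacquebord describes is a persistence mechanism that survives a password reset, so mailbox rules are worth auditing after any suspected credential phish. The script below is an added example, not code from the article or from Trend Micro; it assumes inbox rules have been exported to a list of dictionaries with the field names shown (modelled loosely on Exchange's Get-InboxRule output, but the exact field set is an assumption), and the organisation domains and sample rules are constructed placeholders, not real CDU data. It flags enabled rules that forward or redirect mail to a domain the organisation does not own, and notes when the same rule also deletes or marks the message as read, which is how a forwarded copy is hidden from the mailbox owner.

```python
"""Audit exported mailbox inbox rules for covert external forwarding.

Added example; not from the article or the Trend Micro report. Field names
are an assumption loosely modelled on Exchange inbox-rule exports, and the
domains and sample rules below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Domains this organisation owns; any forward target outside them is external.
# Constructed placeholder, not a real party domain.
ORG_DOMAINS = {"example-party.de", "mail.example-party.de"}


@dataclass
class Finding:
    mailbox: str
    rule: str
    reasons: list[str] = field(default_factory=list)


def _domain(address: str) -> str:
    """Return the lower-cased domain part of an SMTP address, or '' if absent."""
    _, sep, dom = address.rpartition("@")
    return dom.lower() if sep else ""


def _external_targets(rule: dict) -> list[str]:
    """Collect every forward/redirect target whose domain is not ours."""
    targets = []
    for key in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        for addr in rule.get(key) or []:
            if _domain(addr) not in ORG_DOMAINS:
                targets.append(addr)
    return targets


def audit_rules(rules: list[dict]) -> list[Finding]:
    """Flag enabled rules that send mail outside the organisation.

    A rule is reported when it forwards or redirects to an external domain.
    Deleting the original, marking it read, or stopping further rule
    processing on top of that is recorded as an aggravating sign, because
    those actions hide the forwarded copy from the mailbox owner.
    """
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # disabled rules cannot forward anything
        reasons = []
        ext = _external_targets(rule)
        if ext:
            reasons.append("forwards to external: " + ", ".join(sorted(ext)))
            if rule.get("DeleteMessage"):
                reasons.append("deletes the original message")
            if rule.get("MarkAsRead"):
                reasons.append("marks message as read")
            if rule.get("StopProcessingRules"):
                reasons.append("stops further rule processing")
        if reasons:
            findings.append(Finding(rule["Mailbox"], rule["Name"], reasons))
    return findings


# Constructed sample export: a benign folder rule, a covert forward with an
# inconspicuous name, a disabled old forward, and an internal redirect.
SAMPLE_RULES = [
    {"Mailbox": "press@example-party.de", "Name": "Newsletter to folder",
     "Enabled": True, "MoveToFolder": "Newsletters"},
    {"Mailbox": "chief.of.staff@example-party.de", "Name": ".", "Enabled": True,
     "ForwardTo": ["archive-backup@webmail-example.invalid"],
     "DeleteMessage": True, "MarkAsRead": True},
    {"Mailbox": "intern@example-party.de", "Name": "old forward",
     "Enabled": False, "ForwardTo": ["me@webmail-example.invalid"]},
    {"Mailbox": "it@example-party.de", "Name": "ticket copy", "Enabled": True,
     "RedirectTo": ["helpdesk@mail.example-party.de"]},
]

if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"{f.mailbox}: rule {f.rule!r}: " + "; ".join(f.reasons))
```

Run against a real export, the only expected hit on the constructed sample is the chief-of-staff mailbox, whose single-character rule name, external target and delete-plus-mark-read actions together match the "secret forwarding" pattern in the quote above; the internal redirect and the disabled rule are left alone so the report stays short enough to act on.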
He added: "Prior to this attack, we reported on Pawn Storm attacking the Turkish government from various angles last March 2016. These attacks further confirm our theories as to the identities of the attackers. Pawn Storm clearly targets groups that could be perceived as a risk to Russian politics and interests." Yet in this instance, and despite the attack having been ongoing for roughly a month, it remains unclear what information, if any, was compromised by Pawn Storm. However, an unnamed source at the CDU headquarters told Reuters the political party is now looking into the report.
When it comes to cyber-crime, Pawn Storm has a long résumé. In 2015 alone, the group was responsible for targeting Nato members, the White House, the Dutch government's MH17 Investigation Team and several ministries of foreign affairs across the world using a previously unknown Adobe Flash 'zero-day' vulnerability.