Date: 2020-10-21

The FBI and the US Department of Justice announced on October 19 that six officers from the GRU, the Russian military intelligence service, would be charged. They are accused of carrying out numerous cyber attacks, including the one against “En Marche!”, Emmanuel Macron’s party, a few days before the 2017 election.

Russian origin of the MacronLeaks confirmed

The 2017 French presidential elections were marked by the hacking of tens of thousands of documents from “En Marche!”, the party of the election winner Emmanuel Macron. With the publication of the documents two days before the vote, the goal of the cyberattack was crystal clear: to destabilize the top candidate in the polls and disrupt the election. Russia was quickly singled out at the time. A lead that, after the indictment by the American judiciary, is no longer in doubt: Russian intelligence officers are indeed at the origin of the MacronLeaks.

The six accused officers belong to Unit 74455 of the General Intelligence Directorate (GRU) of the General Staff of the Armed Forces of the Russian Federation. The group is better known to cybersecurity experts as Sandworm and is believed to be the elite cyber-attack division of the Russian intelligence agency.

According to Le Monde, Anatoly Kovalev, born in 1991 or 1994, is the main person responsible for the MacronLeaks. He has already been prosecuted in the US for attempting to disrupt the 2016 American elections. He allegedly stole information on half a million American voters by breaking into a state’s electoral system.

The group, which was active between November 2015 and October 2019, has a long list of cyber attacks behind it. All of them have in common that they serve the strategic interests of Vladimir Putin’s country.

In December 2015 and December 2016, Ukrainian power plants and government institutions were attacked. Since the annexation of Crimea in 2014, Russia has been suspected of intervening through pro-Moscow militias in another Ukrainian region still at war, Donbass.

In late June 2017, the NotPetya ransomware hit 65 countries (including Russia) and blocked hundreds of thousands of computers around the world. In France alone, the damage is estimated at over 1 billion euros. The original target was, once again, Ukraine.

From December 2017 to February 2018, the Winter Olympics in Pyeongchang, South Korea, were constantly attacked, particularly by malware called “Olympic Destroyer”. Russia had been officially excluded from the competition by the International Olympic Committee because of massive doping.

In April 2018, the Organisation for the Prohibition of Chemical Weapons and the Defence Science and Technology Laboratory in the UK were attacked. Both were then investigating the poisoning with Novichok of former GRU agent Sergei Skripal, a refugee in England. The poison, designed in the USSR, points to Russia.

Various Georgian government agencies were attacked in 2018 and 2019. Georgia and Russia experienced armed conflict in 2008. In 2019, a stormy speech by a Russian MP in the Georgian parliament sparked tension between the two countries.

The FBI and the US Justice Department want to send a message

The US judiciary is accusing the six agents of conspiracy, hacking, wire fraud, aggravated identity theft and the false registration of a domain name. The likelihood of them appearing before American justice is zero. At most, the agents will no longer be able to travel to countries that have an extradition treaty with the United States.

The real aim of this American communications operation is twofold. The first is to show that the FBI has the technical means and skills to trace sophisticated cyberattacks back to their source. The press release also mentions the contribution of several technology giants to the investigation: Google, Cisco, Facebook and Twitter.

The other point is a warning to Russia: “Whether you are a cybercriminal who exploits hacking or a Russian intelligence officer who intends to dismantle the infrastructure, these attacks will not be tolerated,” said FBI assistant director David Bowdich. The public disclosure of the identity of agents from another country is rather rare and sends a strong signal to Russia: in the future, cyber attacks must stop.