Pawn Storm hackers targeted Germany's CDU party

May 12, 2016 21:40 GMT

During April 2016, a cyber-espionage group codenamed Pawn Storm targeted many high-ranking officials in Germany's ruling party, the German Christian Democratic Union (CDU), Trend Micro reports. Angela Merkel, Germany's Chancellor, is a member of the CDU.

The group, also known as APT28, Sofacy, Fancy Bear, Sednit, and Strontium, has been active since 2004, and although no palpable evidence has linked it to the Russian intelligence services, most of its targets in the past twelve years were the same as Russia's many geo-political adversaries.

Pawn Storm launched credential-stealing attacks

In its most recent wave of attacks, the Pawn Storm APT (Advanced Persistent Threat) used highly targeted spear-phishing attacks against some of CDU's most important figureheads.

According to Trend Micro, the group sent fake emails that led users to fake webmail servers hosted in Latvia and the Netherlands. These servers host fake webmail login portals on which the hackers collect the targets' email credentials.

The security firm says the Latvian server is hosting a clone of the CDU's private corporate webmail server while the one in the Netherlands is hosting Web pages made to spoof popular free email providers like GMX and Web.de, where some CDU party members also have accounts.

Group targeted Germany last year as well

"Credential phishing is an important espionage tool," Feike Hacquebord, senior threat researcher at Trend Micro, explains. "We have witnessed Pawn Storm downloading complete online e-mail boxes and securing future access by e.g. setting up a forwarding e-mail address secretly."

This is not the first time Pawn Storm has targeted German officials. A similar cyber-espionage campaign took place last year in April when the group managed to infect computers in the German Bundestag (Parliament).

Another cyber-espionage campaign, not attributed to Pawn Storm, targeted one of Angela Merkel's assistants, who found the Regin spyware on his laptop.

In spite of the fact that many security firms closely track its movements and tactics, Pawn Storm has always remained active, unlike other APTs which prefer to go into hiding when uncovered.