If a Russian connection is proved, the hacking would add to mounting allegations that Moscow is backing attempts to influence Western elections in favor of candidates with policies potentially more friendly to the Kremlin. Le Pen has voiced opposition to the powers of the European Union and has called for better ties with Russia, echoing some of the campaign rhetoric of President Trump.
Tokyo-based Trend Micro said Macron's campaign was targeted in March and April by a cyberspying group called Pawn Storm. The group has allegedly used phishing and malware to infiltrate other political organizations, as well, such as German Chancellor Angela Merkel's Christian Democratic Union and the U.S. Democratic National Committee.
“There are several things which suggest that the group behind the Macron hacking was also responsible for the DNC breach, for example. We found similarities in the IP addresses and malware used in the attacks,” said Rik Ferguson, vice president of Trend Micro’s security research program.
“We cannot say for sure whether this was directed by the Russian government, but the group behind the attacks certainly appears to pursue Russian interests,” added Ferguson, speaking from the company's London offices.
According to the research firm, the hackers created several email addresses on a fake server with the URL onedrive-en-marche.fr, operating from computers with IP addresses in multiple European nations, including Britain.
It is unclear whether the phishing attacks discovered by Trend Micro had origins that were distinct from those of other hacking attempts that the Macron campaign made public in February.
At the time, the campaign's secretary general, Richard Ferrand, said its websites and networks were under constant attacks from hackers thought to be in Russia. He accused the Russian government of trying to influence the election. Benjamin Griveaux, Macron’s spokesman, said Tuesday that the attacks documented in the Trend Micro report appear to have been carried out by the same group as the one in the previous attacks. Trend Micro concluded, however, that the more recent attacks were distinct and more dangerous.
Griveaux said 2,000 to 3,000 attempts have been made to hack the campaign, including denial-of-service attacks that briefly shut down Macron’s website and more sophisticated efforts to burrow into email accounts of individual campaign workers. He was not sure whether Macron had been targeted personally and said the main target of the phishing appears to have been the campaign’s mid-level management.
To the campaign’s knowledge, he said, no email accounts were compromised. “The vast majority of our employees are under 25 years old,” he said. “They know how to behave when they receive an unknown email or an email that looks suspicious.”
ANSSI, the French government's cybersecurity agency, confirmed the more recent cyberattacks against Macron but left open the possibility that they could be the work of “other high-level” hackers trying to point the blame at Pawn Storm.
The Russian government has denied any connections to the hackings. But some cyberespionage experts have previously linked Pawn Storm to Russian President Vladimir Putin's intelligence services.
Le Pen has taken loans from Russian banks and has repeatedly praised Putin. Russian state media have openly supported her in the French election.
The final round of the election is also being viewed as a referendum on the future of the E.U. A victory for Le Pen — who is trailing Macron in polls — could jeopardize France's participation in the euro common currency and give a major boost to factions seeking to copy Britain's E.U. exit.
“There is a crisis of confidence in France,” said Cécile Vaissié, a Russia expert at Rennes 2 University in northern France. “The Kremlin networks try to accentuate the doubts and divisions and to propose the 'Russian model' as a solution. And these efforts will not end with the elections.”
Michael Birnbaum and Virgile Demoustier contributed to this report.