The snow had not yet fallen on Île-de-France when a cold snap had already swept through the chamber. According to information from Politico, several MPs' Telegram accounts have been hacked in recent days. This Wednesday, November 20, the elected representatives of the National Assembly received a warning email from the IT services of the Palais Bourbon alerting them to the compromise of accounts on the Russian messaging service. The hacks reportedly affect several deputies of all political stripes as well as a former minister of Emmanuel Macron, reports BFMTV. Political journalists and Assembly employees were also reportedly affected.
These elected officials and their contacts fell into the trap of “a not particularly sophisticated phishing attack,” Baptiste Robert, recognized cybersecurity expert and founder of the start-up Predicta Lab, explains to RTL. They saw Telegram messages appear inviting them to view “photos of them as a child” or “a photo of their primary school teacher”, indicates BFMTV. “I absolutely have to show you something,” reads another message cited by the news site. All these messages carried a malicious link leading to a login window embedded in the messaging app, which allowed the hackers to take control of the elected officials' accounts remotely and invisibly.
“The attack comes in the form of a standard message directing you to click on a fraudulent link that will ask you to enter your phone number. If you click on the link AND enter your phone number, your Telegram account will be immediately compromised and the attacker will use your account to distribute malicious content”, describes the email sent to deputies by the data protection delegate of the National Assembly, consulted by RTL.
The risk for victims is that hackers who have accessed their accounts extract the messages and all the information they contain. Hacked accounts can also serve as a vector for spreading phishing messages to trap new people and spread scams. Elected officials who clicked on the links contained in these messages are invited to change the password they use to access the messaging service, to disconnect the devices that have access to their account and to enable two-factor authentication.
A banal phishing campaign or a targeted attack?
It is difficult to say at the moment who is behind this campaign. “Our first analyses show that there are around twenty phishing sites behind it. It’s a whole network,” emphasizes Baptiste Robert. At this stage, it is impossible to say whether this is a targeted attack, for espionage or intelligence purposes, or a massively distributed campaign of the kind regularly observed today, which would have spread through the hemicycle owing to the lack of vigilance of elected officials and their contacts. “There is a galaxy of possibilities. It could be a state actor like a grazer in an internet café,” summarizes Baptiste Robert.
This incident is in any case a new illustration of the risks linked to the use of Telegram. Since the arrest and then indictment in France of Telegram CEO Pavel Durov, the messaging service has fallen out of favor in power circles. Last week, the outlet La Lettre revealed that Matignon had instructed members of the government and their entourage to favor the encrypted messaging app Signal over Telegram. Interior Ministry services were also asked to uninstall the Russian messaging app from their smartphones. Last year, a circular signed by Elisabeth Borne ordered ministers and their cabinets to migrate to the French messaging service Olvid. But the application, deemed not very user-friendly, has never won over politicians.
The case also highlights the hacked deputies' lack of digital hygiene. “Whether on Telegram, WhatsApp, Signal or elsewhere, the reality of phishing is that if you enter secret codes in pages that you do not know, you will always be fooled,” summarizes Baptiste Robert.