François-Xavier Bellamy, the top candidate for the conservative Les Républicains party in the upcoming European elections, revealed Monday that he had been targeted by an attempted cyberattack launched by a group believed to be linked to the Chinese government. Coming soon after Socialist Party candidate Raphaël Glucksmann’s announcement that he was targeted by what seemed to be a mass disinformation campaign on social media, Bellamy’s declaration is a stark reminder of the threat of foreign interference that continues to plague parties competing in the June elections.
Bellamy announced on Monday that he had filed a complaint after he was targeted by a cyberattack attempt from a group of hackers called APT31, which several countries – including the US and the UK – believe to be linked to the Chinese government.
"At a time when Chinese President Xi Jinping is embarking on a state visit to Paris, there's a feeling that we haven't taken the measure of what's at stake today in terms of foreign interference,” Bellamy told AFP. The candidate asked French President Emmanuel Macron to stress the need to respect the integrity of the European Parliament during his talks with his Chinese counterpart.
Bellamy is part of a group of seven French parliamentarians that was allegedly targeted by APT31 with phishing emails in January 2021. All seven are members of the Inter-Parliamentary Alliance on China, a group created in 2020 to coordinate action on different China-related issues such as the COVID-19 pandemic, the repression of the Uighur minority in Xinjiang and the 2019-2020 Hong Kong protests. But the attack was only discovered at the end of March 2024, after the US Department of Justice published an indictment charging seven Chinese nationals with being part of a “prolific global hacking operation”.
Read moreFrench government agencies hit by 'intense' cyberattacks
The cyberattack echoed a disinformation campaign targeting another prospective European parliamentarian, Raphaël Glucksmann, just weeks ago. Glucksmann, who has been vocal about the Uighur issue, was told in mid-April that accounts linked to China had been accusing him on social media of being a Trojan horse for the Americans – more specifically, the CIA – in Europe.
“The Chinese regime has already officially sanctioned me and the Russian regime has already spread fake news and threats against me time and time again,” he posted on X on April 16. “These pathetic slanders will not make us deviate from our path: the relentless defence of our democracy and Europe.”
Every liberal democratic election now a target
Glucksmann was warned by Viginum, the government agency tasked with tracking disinformation during elections that reports to France’s Secretariat-General for National Defence and Security.
At the start of February, Viginum had revealed what the agency described as a “structured and coordinated” network of sites spreading Russian propaganda in Europe and the US. Nicknamed “Portal Kombat”, this network then counted 193 sites. Since then, Viginum has uncovered 31 new domain names created between March 20 and 26 that are linked to Portal Kombat.
“The sites in this network do not produce any original content, but instead massively relay publications originating mainly from three types of sources: social networking accounts of Russian or pro-Russian actors, Russian news agencies and official sites of local institutions or actors,” the group reported.
“Since the middle of the 2010s, not a single major election in a liberal democracy has been spared” these kind of manipulation attempts, Viginum head Lieutenant-Colonel Marc-Antoine Brillant said in a press conference alongside French minister delegate for Europe Jean-Noël Barrot.
Read moreParis 2024 Olympics: A colossal challenge for cybersecurity
Brillant said that 2024 was a “very special year” given the conflicts in Ukraine and Gaza, but also because “France will have a very special exposure this summer with the hosting of the Olympic Games”. In this context, he said, the June 9 elections were “particularly attractive for foreign players in information manipulation”.
The governmental agency issued a warning to French political parties in a meeting on March 29. The aim was to raise their campaign teams’ awareness of different kinds of online threats, as well as to share a few digital hygiene best practices with them.
Macron’s Renaissance party is taking the issue seriously. The French president was himself the victim of a cyberattack during the 2017 presidential campaign that led to the publication of a number of his team’s email exchanges.
“We are making our teams more aware and reminding them regularly about the rules of information hygiene, with regular exercises such as the sending of fake phishing emails to our employees,” the team of Renaissance top candidate Valérie Hayer said. “We’ve also put in place tools to monitor anomalies in our digital networks. And finally we’re keeping an eye out for fake news that could be targeting us on social media.”
Mounting scandals
The other parties contacted by FRANCE 24 – Les Républicains, the Socialist Party, the Green Party and France Unbowed – have put similar preventative measures in place.
But even though France’s political parties are trying to stay vigilant, the French government thinks the problem of foreign influence needs to be dealt with on a Europe-wide scale.
“I called on the European Commission to exercise its supervisory and regulatory powers over major platforms to require them to exercise the utmost vigilance during the campaign period, the electoral silence period and election day,” Barrot said in the April 24 press conference.
Brussels has wasted no time in responding. Europe’s digital commissioner Thierry Breton opened an investigation on April 30 against Facebook and Instagram on suspicions that the social media sites have failed to meet their obligations in the fight against disinformation ahead of the European elections.
Read moreHas Germany’s far-right AfD become a gateway for Chinese and Russian spies?
The European Commission has been pushed into action following a series of scandals that have come to light these past months. On April 23, the German courts announced the arrest of Jian Guo, one of the assistants of MEP Maximilian Krah, the top candidate of the far-right Alternative for Germany. The suspect was accused of having spied on Chinese dissidents in Germany, and of sharing information on the European Parliament with a Chinese intelligence agency. Both Krah and Guo’s offices were searched by German police Tuesday based on orders issued by the investigating German judge and a European investigation order.
In March, Czech intelligence services announced that they had uncovered a network financed by Moscow to spread pro-Russian propaganda across Europe, targeting the European Parliament in particular. The group was allegedly using the Prague-based news site Voice of Europe to publish information apparently aimed at dissuading the EU from sending further aid to Ukraine. Shut down by the Czech government, the site has since resumed its activities in Kazakhstan, according to Euractiv.
Finally, the Qatargate affair, revealed in December 2022 by the Belgian media, uncovered a corruption scandal involving Qatar and the European Parliament vice-president, Greek MEP Eva Khaili.
- Amplifying negative narratives and/or sentiments via bot and troll networks
This modus operandi consists in amplifying narratives on a divisive subject and selectively shaping facts around it, by means of a constant flow of publications on a single semantic axis.
- Impersonating legitimate media
This modus operandi consists of deceiving internet users by usurping the identity of a legitimate media source, such as through the creation of a fake site, in order to disseminate inaccurate content.
- Instrumentalising the electoral process
This modus operandi involves manipulating information about the electoral process, such as spreading false information about polling dates, with the aim of reducing voter turnout on election day.
- Online political advertising
This modus operandi involves hijacking different platforms’ online advertising systems to disseminate polarising content of a political nature. This allows certain categories of citizens to be targeted according to different characteristics such as age or location, but also to reach users who aren’t subscribed to the original account.
- Astroturfing
This modus operandi aims to create or amplify a controversial subject, generally around one or more hashtags, whose actors will seek to increase its visibility. The massive creation and sharing of images allows narratives to be more widely disseminated.
- Deliberate data leaks or doxxing
This modus operandi consists of using a variety of methods to obtain sensitive information about a candidate or campaign team, and publishing it online in order to tarnish their image.
- Publishing manufactured content through media or social media accounts
This modus operandi consists in impersonating the identity of a candidate on social networks in order to convey false information that could harm them. It also involves the possibility of taking control of media outlets or authentic social network accounts to publish false or misleading content.
- Inciting actions in the physical world
This modus operandi can take the form of online calls to demonstrate, or to damage voting stations or political party offices. The ensuing events in the physical world can then be instrumentalised in digital space.
- Creating deepfake videos
This operating method consists of creating a video or audio recording created or modified through artificial intelligence. Based on deep learning technology, this technique makes it possible to generate credible fakes from real, easily accessible content.
This article has been adapted from the original in French.
