SOCRadar® Cyber Intelligence Inc. | Cybersecurity Challenges for the European Parliament Election
May 10, 2024

Cybersecurity Challenges for the European Parliament Election

[Update] June 7, 2024: “Russian Threat Actors”

Scheduled for the beginning of June 2024, the upcoming European Parliament election is a target for various cyber threats. While the electoral process will be governed by the national provisions of each member state, European institutions will still be responsible for the security of the elections.

The European Parliament, as a legislative body within the European Union, and its 705 members hold significant value for the Union’s future. In light of the escalating espionage activities perpetrated by Russia and China, Europe has to protect its digital frontier.

To learn more about the Chinese and Russian cybercrime landscape, check out SOCRadar’s China-Russia Cybercrime Report.

Possible Cyber Threats for the European Parliament Election

The European Parliament election is a cornerstone of democratic governance, representing the collective voice of millions across the European Union. Considering the political and economic weight of the European Union in global politics, the outcome of any political process within the organizations is critical for the security of millions of people worldwide. Understanding and addressing potential cyber threats to the European Parliament election becomes crucial in this context.

Several categories of cyber threats are particularly relevant to the upcoming European Parliament elections.

The dissemination of disinformation campaigns is a critical domain in which rival states are prepared to act. The widespread use of deepfake and AI technologies has simplified the creation of fake content, thereby bolstering the effectiveness and size of disinformation campaigns. Another risk for the European Union is the possible phishing attacks targeting high-profile individuals and their networks. The final risk originates from within the Union itself. The use of spyware against politicians and journalists poses a significant concern, further heightening the vulnerability of the electoral process to external manipulation.

By following SOCRadar’s intelligence products, you can instantly learn more about the latest cybersecurity news. DarkMirror is a summary of all the critical dark web news from various sources like hacker forums, black markets, and messaging platforms.

DarkMirror from SOCRadar


Deepfake & AI and Disinformation Risks for the European Parliament Election

As the European Parliament gets closer to the elections, authorities are taking necessary steps to deploy extensive measures to safeguard the integrity of the electoral process. One of the things authorities try to protect is how the information is spread.

When “disinformation” is mentioned, it’s commonly associated with adversaries spreading false information. However, this isn’t always the case. Particularly with the rise of fact-checking organizations, disinformation campaigns that rely on disseminating inaccurate information are becoming more challenging to carry out. According to Eurostat, around nine out of ten (89%) people in the EU use the internet, and 72% of them choose online sources to learn about the world. Because of this reliance on online sources, fact-checking organizations work diligently to protect the digital landscape in a highly digitally proficient society like Europe.

While that type of disinformation is still popular, the complexity of the issue has led to the rise of another form of disinformation: urging the opposing party to refrain from participating in elections or, more generally, in political processes. By employing actors who present themselves as members of the opposition, targets can be convinced to stay away from the ballot box. There may be increased efforts to undermine the upcoming EU elections in June by discouraging the public from voting.

Authorities are also trying to protect the other fronts of the disinformation domain.

The European Commission has shifted its focus to major social media platforms like X (formerly Twitter), Meta (formerly Facebook), YouTube, and TikTok due to suspicion about the shortcomings of these platforms in combating disinformation. These platforms must ensure that political advertisements and AI-generated deepfakes are clearly labeled while establishing specialized teams to actively monitor emerging narratives.

Following “emerging narratives” is a challenging goal in the case of the European Union because of its linguistic diversity. These companies mainly track narratives in English; the more popular European languages, such as German or French, come second. Other nations do not get the same protection from these platforms, which leaves gaps in the defense of this domain.

In an era where deepfake content production for disinformation purposes turns into a market by itself, individuals must ensure that the information they consume comes from credible sources.

Phishing Risks for the European Parliament Election

Phishing attacks are another vector that poses a formidable threat to the integrity of the European Parliament Elections. CERT-EU’s findings underscore the persistent threat of spear phishing, with threat actors favoring it as the primary method of gaining initial access to EU-based organizations in 2023.

SOCRadar’s Phishing Radar


You can utilize SOCRadar’s Phishing Radar tool to ensure your organization and leaders are safe from phishing attacks.

These targeted campaigns hit sectors like diplomacy, defense, and transport the hardest. Although the attacks weren’t necessarily directed at specific organizations, individuals and entities intricately involved in EU policies and events were targeted.

This strategic approach heightens the likelihood of success, as unsuspecting targets may inadvertently engage with malicious links or documents, unwittingly facilitating cyberattacks. These findings underscore the importance of the EU exercising greater caution and implementing strong cybersecurity measures, particularly for civil servants.

Some potential targets are managers, directors, and other staff within the political domain. Phishing emails might pose as messages from the leadership requesting sensitive information. In certain cases, volunteers may also be targeted. In such instances, phishing emails may impersonate campaign organizers, urging recipients to contribute donations, register as volunteers, or undertake other actions that can compromise personal information or provide attackers access to their systems.

EU systems undergo continuous monitoring by authorities, and if deemed necessary, individuals can report what they think is suspicious to entities such as the Phishing Initiative.

SOCRadar can take down accounts impersonating your brand


SOCRadar is collecting intelligence on phishing attacks and phishing domains, trying to deceive the public. You can utilize our services to protect your organization from phishing attacks automatically. Additionally, you can check our Integrated Takedown module to protect your customers from threat actors trying to imitate your name.

Use of Spyware and the European Parliament Election

In the European Union, governments’ use of spyware raises serious concerns regarding human rights, privacy, and the rule of law. The EU has robust legal frameworks to protect fundamental rights, including the right to privacy and freedom of expression. Still, spyware is benefiting from the gaps in the legal framework of the EU.

While the EU maintains strict oversight over large tech corporations and their operational practices, existing regulations are often inadequate in curtailing the activities of spyware companies. That’s why many European states, including Western Europe, are home to various spyware companies.

Besides being home to several companies, Europe is struggling to ban the use, export, or import of these tools. Due to this complexity, we have seen several cases where high-level individuals are targeted by spyware. Pegasus spyware, in particular, has created lots of discussions in the past. It has been deployed against opposition politicians in Poland, utilized by Madrid to spy on Catalan activists, employed by Latvia to spy on Russian opposition journalists and many more.

European Parliament President Roberta Metsola targeted by Predator spyware


Last year, we saw another case involving the European Parliament, which goes to elections this year. Roberta Metsola, the president of the European Parliament, was targeted by spyware. The Predator spyware used to spy on Metsola was produced by a European company.

In the cases we saw earlier, these kinds of applications do not require the classic techniques applied by usual threat actors. In the case of Roberta Metsola, the delivery method was a link shared on X (formerly Twitter), according to Amnesty International. In certain instances, the target doesn’t have to click a malicious link or take any action at all, because of the zero-click exploits these spyware tools abuse.

European Parliament President Roberta Metsola - Source: EP


The use of spyware is not new. States have been using these kinds of applications for the last decade. With the current legal obstacles in front of the EU blocking it from banning states from further utilizing these apps and the rising gap between populist and centrist politicians in Europe, we may see an increase in the utilization of spyware by more populist political authorities.

Moreover, the current threats from Russia and China are pushing certain European nations to take bolder steps and enhance their influence within the European Union. Such power dynamics will heighten the demand for increased intelligence gathering and analysis. To gain leverage in European politics, the European Parliament may become a target for spyware employed by actors trying to be more influential within Europe.

Secure your assets with SOCRadar’s Attack Surface Management module


Targets of these spyware attacks were unaware of the prying eyes observing them, and this unfortunate experience is not exclusive to individuals. Hackers are also targeting organizations and exploring their systems’ vulnerabilities. It is hard to tell if your systems are compromised if you don’t set proper measures. With SOCRadar’s Attack Surface Management module, you can be sure that all your systems facing the world are protected.

Russian Threat Actors

Since the beginning of the Ukraine-Russia war, cyber attacks originating from Russia have become the new normal for EU institutions and organizations. These attacks have targeted various sectors, including government institutions, critical infrastructure, and private enterprises, aiming to disrupt operations and steal sensitive information.

On June 6, a pro-Russian hacker group, CyberArmyofRussia, announced plans to launch a cyberattack on Europe’s internet infrastructure, citing alleged Russophobia and double standards by European authorities. The group accuses the European Parliament of ignoring the “genocide” in Donbass for eight years and implementing anti-Russian sanctions following Russia’s actions in Crimea and Donbass.

Russian threat actor’s Telegram channel monitored by SOCRadar


While there are several threat actors joining this operation, the message also states that anonymous hacker groups are taking responsibility as well. Some of the threat actors who stated their names are NoName057(16), НароднаяКиберАрмия, and KillMilk, the previous leader of KillNet.

With the start of the European Parliament elections on June 6, the attacks of Russian origin intensified. Airports, ministries, and transportation companies are targeted in the Netherlands. Besides the Netherlands, several other websites belonging to the European Union faced DDoS attacks as well.

Conclusion

While elections worldwide show similar characteristics, the risks they encounter also remain consistent. However, certain factors elevate the significance of specific threats over others. Within the European Union context, three issues emerge as paramount. While the EU is actively addressing deepfake technology and disinformation through appropriate measures, regrettably, combating spyware presents a notable challenge to the Union.

The abundant resources available to the EU enable it to better protect itself against data breaches and other types of cyber intrusions compared to what is observed in elections in different parts of the world. Hence, the primary focus of the EU should be directed towards its domestic affairs and the information sphere.

Unfortunately, not every organization (private or public) has the means of the EU to protect their systems. You can utilize SOCRadar Extended Threat Intelligence for all your CTI needs and protect your organization from hackers.