Russian hackers are laying the groundwork to spy on the US Senate, cybersecurity firm says

Russian President Vladimir Putin attends a state awards ceremony for military personnel who served in Syria, at the Kremlin in Moscow, Russia December 28, 2017. REUTERS/Kirill Kudryavtsev/Pool

The US Senate was targeted last year by the same hacking group that broke into the Democratic National Committee servers during the 2016 presidential election, according to the cybersecurity firm Trend Micro

The research firm found that phishing sites were set up by Pawn Storm, also known as Fancy Bear or APT28, mimicking the Senate’s internal email system  in an attempt to gain users’ login credentials.

“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” the researchers wrote. 

They added that the phishing emails, while not advanced in nature, are often “the starting point of further attacks that include stealing sensitive data from email inboxes.”

The June 2017 phishing attempts would not have been the first time Russia tried to infiltrate the US Senate. In its extensive analysis of Fancy Bear’s targets during the presidential election, the Associated Press found that Senate staffers Robert Zarate, Josh Holmes, and Jason Thielman were targeted between 2015-2016.

Fancy Bear had a “digital hit list” throughout that period that targeted a wide range of Russia’s perceived enemies, including former Secretary of State John Kerry, Ukrainian President Petro Poroshenko, anti-corruption activist Alexei Navalny, and half of the feminist protest punk rock group Pussy Riot.

Trend Micro said that the Senate’s Active Directory Federation Services (ADFS), which is bascially its internal email system, “is not reachable on the open internet.” But phishing of users’ credentials on a server “that is behind a firewall still makes sense.”

“In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.”

Trend Micro was the firm that uncovered the Russians’ attempts to hack into French President Emmanuel Macron’s email account. The researchers found that the hackers had created a phishing domain that impersonated the site that was used by En March, the political party Macron founded in 2016. 

The hackers used the same technique to try to infiltrate the Senate, Trend Micro researcher Feike Hacquebord told the AP.

“That is exactly the way they attacked the Macron campaign in France.”

Fancy Bear also targeted the Iranian presidential election in May 2017, the researchers found, by setting up a phishing site targeting users.

“We were able to collect evidence that credential phishing emails were sent to users on May 18, 2017, just one day before the presidential elections in Iran,” the firm wrote. “We have previously reported similar targeted activity against political organizations in France, Germany, Montenegro, Turkey, Ukraine, and the United States.”

Russian hackers also targeted the World Anti-Doping Agency (WADA), homing in on a total of 26 athletes. Four of them were American — Ariana Washington, Brady Ellison, Connor Jaeger, and Lauren Hernandez.

The hack came after the International Olympic Committee found evidence of state-sponsored and widespread doping in Russia’s Olympic athletes, many of whom were barred from the 2016 Rio Games and the Paralympics as a result.

Fancy Bear also “sought active contact with mainstream media” after the WADA was compromised, according to Trend Micro, in an attempt to influence what was published. 

Join the conversation about this story »

NOW WATCH: Here are the 12 best Trump memes of 2017

Business Insider