Russian hackers are laying the groundwork to spy on the US Senate, cybersecurity firm says

Russian President Vladimir Putin attends a state awards ceremony for military personnel who served in Syria, at the Kremlin in Moscow, Russia December 28, 2017. REUTERS/Kirill Kudryavtsev/Pool

  • The cybersecurity firm Trend Micro found evidence that
    Russian hackers targeted the US Senate’s internal email system
    in mid-2017.
  • The phishing emails, while not advanced in nature, are
    often “the starting point of further attacks that include
    stealing sensitive data from email inboxes,” the researchers
    said.
  • The Russian hackers used the same methods last year to
    try to steal emails from the email server used by French
    President Emmanuel Macron’s political party.

The US Senate was targeted last year by the same hacking group
that broke into the Democratic National Committee servers during
the 2016 presidential election, according to the cybersecurity firm Trend
Micro.

The research firm found that phishing sites were set up by Pawn
Storm, also known as Fancy Bear or APT28, mimicking the Senate’s
internal email system in an attempt to gain users’ login
credentials.

“By looking at the digital fingerprints of these phishing
sites and comparing them with a large data set that spans almost
five years, we can uniquely relate them to a couple of Pawn Storm
incidents in 2016 and 2017,” the researchers wrote. 

They added that the phishing emails, while not advanced in
nature, are often “the starting point of further attacks that
include stealing sensitive data from email inboxes.”

Trend Micro researcher Feike Hacquebord told Business
Insider on Friday that the firm does not have any inside
information that would allow it to determine whether the phishing
attempts were successful. 

The firm, Hacquebord added, doesn’t attribute hacks to
certain governments as a matter of policy. But the digital
fingerprints are “very unique,” he said, to the point where it’s
“almost obvious” that Pawn Storm was behind the
cyberattacks.

The June 2017 phishing attempts would not have been the first
time the Russia-linked hackers tried to infiltrate the US Senate.

In its extensive analysis of Fancy Bear’s targets during the
presidential election, the Associated Press found that Senate
staffers Robert Zarate, Josh Holmes, and Jason Thielman were
targeted between 2015 and 2016.

Fancy Bear had a “digital hit list” throughout that period
that targeted a wide range of Russia’s perceived
enemies, including former Secretary of State John Kerry,
Ukrainian President Petro Poroshenko, anti-corruption
activist Alexei Navalny, and half of the feminist protest punk
rock group Pussy Riot.

Trend Micro said that the Senate’s Active Directory
Federation Services (ADFS), which is basically its internal email
system, “is not reachable on the open internet.” But phishing of
users’ credentials on a server “that is behind a firewall still
makes sense.”

“In case an actor already has a foothold in an organization
after compromising one user account, credential phishing could
help him get closer to high profile users of interest,” the
researchers wrote. 

Hacquebord said he doesn’t think it’s correct to say that
the methods Pawn Storm used were not advanced.

“They have to know who they want to target, and the timing
is important,” Hacquebord said. “The techniques may not be
advanced but the social engineering is. They’ve been using these
same tactics for quite some time, and it’s been quite effective.
They are also very persistent.”

He added that Pawn Storm was using zero-days,
or software vulnerabilities that can be exploited by hackers
before the developer discovers and patches them.

“These zero days are expensive on the black market,” Hacquebord
said. “This is not the stuff of amateurs.”

Trend Micro was the firm that uncovered Fancy Bear’s
attempts to hack into French President Emmanuel Macron’s email
account. The researchers found that the hackers had created a
phishing domain that impersonated the site that was used by En
Marche, the political party Macron founded in 2016.

The hackers used the same technique to try to infiltrate
the Senate, Hacquebord told the AP.

“That is exactly the way they attacked the Macron campaign
in France,” he said.

Fancy Bear also targeted the Iranian presidential election in May
2017, the researchers found, by setting up a phishing site
targeting chmail.ir users.

“We were able to collect evidence that credential phishing
emails were sent to chmail.ir users on May 18,
2017, just one day before the presidential elections in Iran,”
the firm wrote. “We have previously reported similar targeted
activity against political organizations in France, Germany,
Montenegro, Turkey, Ukraine, and the United States.”

Russian hackers also targeted the World Anti-Doping Agency
(WADA), homing in on a total of 26 athletes. Four of
them were American — Ariana Washington, Brady Ellison,
Connor Jaeger, and Lauren Hernandez.

The hack came after the International
Olympic Committee found evidence of state-sponsored
and widespread doping in Russia’s Olympic athletes, many of
whom were barred from the 2016 Rio Games and the Paralympics as a
result.

Fancy Bear also “sought active contact with mainstream
media” after the WADA was compromised, according to Trend Micro,
in an attempt to influence what was published. 

Article source: http://www.businessinsider.com/russian-hackers-fancy-bear-laying-groundwork-to-spy-on-us-senate-2018-1