Russia-linked hackers targeting US Senate

43

Russian hackers from the group known as “Fancy Bear” are targeting the U.S. Senate with a new espionage campaign, The Associated Press reports.

A Tokyo-based cybersecurity firm tells the news service that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate’s internal email system, and learned that the sites were being operated as part of an email-harvesting operation.

The tactic used by Fancy Bear’s hackers to obtain Senate emails is “identical” to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron’s campaign emails two months later.

That is exactly the way they attacked the Macron campaign in France,” Feike Hacquebord, an analyst at cybersecurity firm Trend Micro said.

“We are 100 percent sure that it can attributed to the Pawn Storm group,” said another analyst at the firm, using another code name for the Fancy Bear hacking group.

The websites targeting the U.S. Senate were set up in June and September of 2017. The Senate Sergeant at Arms office, which handles security for the upper chamber, declined to comment to the AP for the story.

This isn’t the first time the Senate has been targeted by hackers. In 2015 and 2016, the AP reports that a number of congressional staffers were targeted by malicious actors, including a top advisor to Florida Sen. Marco RubioMitch McConnellAddison (Mitch) Mitchell McConnellGOP strategist donates to Alabama Democrat McConnell names Senate GOP tax conferees Brent Budowsky: A plea to Alabama voters MORE (R-Ky.)Marco Antonio RubioRyan pledges ‘entitlement reform’ in 2018 Richard Gere welcomes lawmakers’ words of support for Tibet Dem lawmaker gives McConnell’s tax reform op-ed a failing grade MORE (R) and a former chief of staff to Senate Majority Leader

On Wednesday, the hacking group released emails targeting Olympic organizations, just weeks before the beginning of the 2018 Winter Olympic Games in Seoul, South Korea.

The hackers reportedly hit Olympic organizations with the same tactic used on the Senate, as a separate cybersecurity firm discovered fake websites imitating the World Anti-Doping Agency, the U.S. Anti-Doping Agency, and the Olympic Council of Asia.

“These suspicious domains have consistencies with other previously identified Fancy Bear infrastructure and raise the question of a broader campaign against the upcoming 2018 winter games,” cybersecurity firm ThreatConnect said.

“At this time, we cannot confirm whether these domains have been used maliciously nor definitively tie them to Fancy Bear without additional data,” the firm said. “ThreatConnect has notified the spoofed organizations.”