Wed, 24 Oct 2018

U.S. Senate email system attacked by Russian hackers: Report

By Sheetal Sukhija, Pennsylvania State News
13 Jan 2018, 04:10 GMT+10

WASHINGTON, U.S. - A prominent cyber security firm has alleged that hackers linked to the Russian government have been launching brazen attacks on the U.S. Senate.

Unmasking a massive and potentially dangerous campaign led by the Russian hacking group known as Fancy Bear, the cybersecurity firm Trend Micro said that the campaign, which included brazen attacks, has lasted several months.

According to the report released by the firm, Russian government-aligned hackers who had penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate.

Trend Micro said in its explosive report released on Friday that the Fancy Bear group, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America's political elite.

Feike Hacquebord, a security researcher at Trend Micro Inc., said in the report, "They're still very active — in making preparations at least — to influence public opinion again. They are looking for information they might leak later."

So far, the Senate Sergeant at Arms office, the government wing responsible for the upper house's security, has not made any official comment on the report.

Hacquebord explained that the report was based on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate's internal email system. 

He said that he cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which the Tokyo-based firm calls "Pawn Storm."

According to the report, titled ‘Update on Pawn Storm: New Targets and Politically Motivated Campaigns,’ “In the second half of 2017 Pawn Storm, an extremely active espionage actor group, didn’t shy away from continuing their brazen attacks.”

It noted that the hackers, starting in June 2017, set up phishing sites mimicking the Active Directory Federation Services of the U.S. Senate.

It said, “The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.”

Previously, Trend Micro drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron's campaign in April 2017. 

The company's discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

According to Hacquebord, that discovery was significant as the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

He said, “That is exactly the way they attacked the Macron campaign in France.”

For years now, the cybersecurity firm Trend Micro has followed Fancy Bear and its global activities. While attribution is extremely tricky in the world of cybersecurity, considering hackers routinely use misdirection and red herrings to fool their adversaries, the company’s latest revelation leaves little doubt about its authenticity.

Rik Ferguson, one of Hacquebord's colleagues at Trend Micro, even confirmed, "We are 100 percent sure that it can be attributed to the Pawn Storm group."

Trend Micro, like many cybersecurity firms, refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having "Russia-related interests." The U.S. intelligence community, however, alleges that Russia's military intelligence service pulls the hackers' strings.

A months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin's objectives.

This, however, isn’t the first time that Fancy Bear has targeted the Senate. 

An analysis of Secureworks' list conducted by the Associated Press reportedly revealed that several staffers there were targeted between 2015 and 2016, including Robert Zarate, who is currently the foreign policy adviser to Florida Senator Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Senator Steve Daines.
