The suspected Russian hackers behind the breach of the Democratic National Committee (DNC) are now targeting the US Senate, according to new research from cybersecurity firm Trend Micro.
According to findings from Trend Micro, the Russian state-linked hacking group known as “Fancy Bear” has been establishing faux websites that purport to be the Senate’s login server in the hopes of tricking staffers into entering their Senate credentials. Credential phishing of this kind is common, but the report suggests this particular attempt is notable as part of the Kremlin’s efforts to lay the groundwork for a comprehensive compromise of the US Senate’s ADFS (Active Directory Federation Services).
The fake websites purport to be the login page of the Senate’s email server, which runs on a Windows platform. The real Senate login page isn’t publicly accessible; Senate staffers reach it from their internal network. However, the security researchers agree that the Kremlin’s move makes sense as an early preparatory step.
“In case an actor already has a foothold in an organization after compromising one user account,” researchers wrote, adding that “credential phishing could help him get closer to high profile users of interest.”
The report also adds that Fancy Bear hackers have been targeting Olympic sports organizations, particularly after Russian athletes were banned from participating in the upcoming Winter Olympics. Several Russian Olympians have also been banned for life.
The targeted campaign against the US Senate was first noticed in June 2017, and the digital fingerprints inherent in the phishing sites are similar to “a couple of Pawn Storm incidents in 2016 and 2017,” researchers added.
In a warning, they added:
Rogue political influence campaigns are not likely to go away in the near future. Political organizations have to be able to communicate openly with their voters, the press and the general public. This makes them vulnerable to hacking and spear phishing.