US Senate Targeted by Russian Hackers, Experts Say

by Kate Conger

Members of the United States Senate are the latest American politicians to be targeted by Russian hackers, according to a report by the cybersecurity firm Trend Micro.

The company claims that the hacking group sometimes nicknamed Fancy Bear—the same group believed to be behind the hack of the Democratic National Committee in 2016—is now targeting Senators’ email accounts.

The group uses a sophisticated combination of social engineering techniques, malware, and exploits to steal data, according to Trend Micro. In June 2017, the group (which Trend Micro refers to as Pawn Storm) set up phishing domains that mimicked the login pages for the Senate email system.

Trend Micro has previously uncovered similar phishing sites that targeted French and Iranian government officials. The sites are designed to steal passwords and enable hackers to log into politicians’ email accounts.

Even though the Senate’s real email login page isn’t accessible over the open internet, Trend Micro says the stolen passwords could still be used by hackers. From the firm’s report:

Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.

Feike Hacquebord, a security researcher at Trend Micro, told the Associated Press that the campaign is likely an effort to steal and leak political emails. “They’re still very active—in making preparations at least—to influence public opinion again,” he said. “They are looking for information they might leak later.”

It’s not the first time that concerns about the cybersecurity of the Senate have been raised. Last year, Sen. Ron Wyden pressed his colleagues to enable two-factor authentication on Senate email accounts to help prevent phishing attacks.

“The Senate is far behind when it comes to implementing basic cybersecurity practices like two-factor authentication,” Sen. Wyden wrote in an April 2017 letter. “Today, the Senate neither requires nor offers two-factor authentication as an additional protection for desktop computers and email accounts.”