The same Russian government-aligned hackers who penetrated the US Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the US Senate, a cybersecurity firm said in a report on Friday.
The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 US electoral contest, is still busy trying to gather the e-mails of the US’ political elite.
“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc, who authored the report. “They are looking for information they might leak later.”
The office of the US Senate Sergeant at Arms, which is responsible for the upper house’s security, declined to comment, but US Senator Ben Sasse said it was time for US Attorney General Jeff Sessions to return to US Congress to say what action had been taken to help ensure lawmakers’ digital safety.
“The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates,” he said in a statement.
Trend Micro based its report on the discovery of a clutch of suspicious-looking Web sites dressed up to look like the US Senate’s internal e-mail system.
The Tokyo-based firm then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which it dubs “Pawn Storm.”
Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy Web sites apparently set up to harvest e-mails from then-French presidential candidate Emmanuel Macron’s campaign in April last year.
The sites’ discovery was followed two months later by a still-unexplained publication of private e-mails from several Macron staffers in the final days of the race.
The rogue US Senate sites — which were set up in June and September last year — matched their French counterparts, Hacquebord said.
“That is exactly the way they attacked the Macron campaign in France,” he said.
Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries, but Trend Micro, which has followed Fancy Bear for years, said there could be no doubt.
“We are 100 percent sure that it can be attributed to the Pawn Storm group,” said Rik Ferguson, one of Hacquebord’s colleagues.
Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having “Russia-related interests.”
However, the US intelligence community alleges that Russia’s military intelligence service pulls the hackers’ strings and a months-long Associated Press (AP) investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin’s objectives.
If Fancy Bear has targeted the US Senate over the past few months, it would not be the first time. An AP analysis of Secureworks’ list shows that several US Senate staffers were targeted between 2015 and 2016, but the group’s interests are not limited to US politics; it also appears to have the Olympics in mind.
Trend Micro’s report said the group had set up infrastructure aimed at collecting e-mails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh and Skeleton Federation, the International Luge Federation and the International Biathlon Union.
The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught.
Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics in South Korea following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life.
Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials’ e-mails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.
On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics- and doping-related e-mails from between September 2016 and March last year.
The contents were largely unremarkable, but their publication was covered extensively by Russian state media and some read the leak as a warning to Olympic officials not to press Moscow too hard over the doping scandal.
Whether any US Senate e-mails could be published in such a way is not clear. Previous warnings that German lawmakers’ correspondence might be leaked by Fancy Bear ahead of last year’s election there appear to have come to nothing.
On the other hand, the group has previously dumped at least one US legislator’s correspondence onto the Web.
One of the targets on Secureworks’ list was US Senator Andy Kerr, who said thousands of his e-mails were posted to an obscure section of the Web site DCLeaks — a Web portal better known for publishing e-mails belonging to retired General Colin Powell and various members of former US Secretary of State Hillary Rodham Clinton’s US presidential campaign — in late 2016.
Kerr said he was still bewildered as to why he was targeted.
While he supported transparency, “there should be some process and some system to it,” Kerr added.