Japanese cybersecurity researchers say Russian hackers from a group known as "Fancy Bear" are targeting the U.S. Senate with a new espionage campaign.
According to The Associated Press, cybersecurity firm Trend Micro has discovered a chain of suspicious-looking websites that have been set up to look like the Senate's internal email system. The Tokyo-based firm says they learned the sites were being operated as a "honeypot", and was part of an email-harvesting operation.
"Fancy Bear," a group that has been linked to Russia's military intelligence service the GRU, was reportedly behind the fake websites. The group has also been implicated by U.S. intelligence agencies as being part of the hack into the Democratic National Committee ahead of the 2016 election.
In a blog post about the attack, Trend Micro describes how the websites can attempt to gather the emails of American senators.
Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017.
Trend Micro also warned of bad actors taking advantage of social media sites and their algorithms, which they say is susceptible to abuse.
While a successful influence campaign might seem relatively easy to do, it needs a lot of planning, persistence, and resources to be successful. Some of the basic tools and services, like ones used to spread fake news on social media, are already being offered as a service in the underground economy.
The U.S. Senate wasn't the only target for Russian hackers. The report says the group also set up websites aimed at collecting emails from political organizations in France, Germany, Montenegro, Turkey, and Ukraine.