The Russian group that hacked the DNC has repeatedly attempted to hack the U.S. Senate's internal email system, according to the cybersecurity firm tracking its movements.
Pawn Storm, the hacking group aligned to the Russian government that penetrated the Democratic National Committee, has mounted additional “brazen attacks” over the past eight months, including persistent targeting of the U.S. Senate internal email system, according to a cybersecurity firm that has tracked their progress.
A report released Friday by Trend Micro said the hackers, also known as Fancy Bear, had also targeted several Winter Olympics organizations, notably after Russia was excluded from the Games over doping allegations.
“In the second half of 2017 Pawn Storm, an extremely active espionage actor group, didn’t shy away from continuing their brazen attacks,” according to the report, entitled “Update on Pawn Storm: New Targets and Politically Motivated Campaigns.”
Trend Micro Inc. says the hackers, starting in June 2017, set up phishing sites mimicking the Active Directory Federation Services (ADFS) login of the U.S. Senate.
“The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense,” the report says. “In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.”
One type of email used by the hackers purports to be a message from the target's Microsoft Exchange server about an expired password. The other claims there is a new file on the organization's OneDrive system.
“They’re very sophisticated at social engineering, they’re very good at making things look legitimate,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro.
The victim would follow the link in the fake email, attempt to log in on the phishing page and get an error message. “Attackers rely on the fact that people are used to getting error messages. They grumble about IT services, give up or maybe try on their phone. Either way, the attackers now have their credentials,” Nunnikhoven said.
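The lure works because the login page sits on a domain that merely resembles the organization's real federation host. One practical check an email-security team can run on such messages is to compare every link against the organization's known ADFS host and flag lookalikes. The script below is an added example and is not code from the article or from Trend Micro; the legitimate host `adfs.example.gov`, the lure tokens and the two sample emails (modelled on the expired-password and OneDrive lures described above) are all assumed or constructed for illustration.

```python
"""Triage links in a suspected credential-phishing email against the
organization's real federation host.

Added example, not code from the article or from Trend Micro. The
legitimate ADFS host, the lure tokens and the sample emails are all
assumed/constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Assumed legitimate federation endpoint (hypothetical organization).
LEGIT_FEDERATION_HOSTS = {"adfs.example.gov"}

# Words a phishing kit reuses so the page looks like the federation,
# Exchange or OneDrive login it imitates (chosen for this example).
LURE_TOKENS = ("adfs", "login", "owa", "exchange", "onedrive", "password")

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of a hostname; no public-suffix list, good enough here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_url(url):
    """Return 'legit', 'same-domain', 'lookalike' or 'unrelated' for one link."""
    host = (urlparse(url).hostname or "").lower()
    if host in LEGIT_FEDERATION_HOSTS:
        return "legit"
    legit_domains = {registrable_domain(h) for h in LEGIT_FEDERATION_HOSTS}
    if registrable_domain(host) in legit_domains:
        return "same-domain"  # another service on the real domain
    # A host that borrows the org's name or a login keyword, but is not on
    # the org's domain, is the shape of the lookalike pages described.
    org_labels = {d.split(".")[0] for d in legit_domains}
    if any(label in host for label in org_labels) or any(
        tok in host for tok in LURE_TOKENS
    ):
        return "lookalike"
    return "unrelated"


def extract_links(body):
    """Pull http(s) URLs out of a plain-text message body."""
    return [m.group(0).rstrip(".,)") for m in URL_RE.finditer(body)]


def suspicious_links(body):
    """URLs that imitate the org's login without being on its domain."""
    return [u for u in extract_links(body) if classify_url(u) == "lookalike"]


# Constructed sample lures modelled on the two described in the article.
SAMPLE_EXPIRED_PASSWORD = (
    "Your Microsoft Exchange password has expired. Sign in to renew it: "
    "http://adfs-example-gov.com/adfs/ls/?wa=wsignin1.0"
)
SAMPLE_ONEDRIVE = (
    "A colleague shared a file on OneDrive. Open it at "
    "https://onedrive.example-gov-files.net/personal/share/doc.docx ."
)
SAMPLE_REAL = "Sign in at https://adfs.example.gov/adfs/ls/ to continue."

if __name__ == "__main__":
    for body in (SAMPLE_EXPIRED_PASSWORD, SAMPLE_ONEDRIVE, SAMPLE_REAL):
        for link in extract_links(body):
            print(classify_url(link), link)
```

The allowlist comparison is the part that matters: the report's point is that the real ADFS server is not reachable from the internet, so any externally reachable host presenting an ADFS-style login is suspect regardless of how convincing the page looks. The token list is only a heuristic and will miss lures that avoid obvious keywords; it is there to make the example useful on realistic input, not as a complete detector.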
Trend Micro alerted the FBI and offered support. Nunnikhoven could not comment on the success or failure of the attack, or the FBI’s involvement, because it…