A private research firm just discovered that Russia-linked hackers from the “Fancy Bear” group are using the same techniques they used to attack last year’s French elections to attack the United States Senate.
Trend Micro’s senior threat researcher Feike Hacquebord published a report explaining that what he terms “Operation Pawn Storm” which involves a series of email phishing attacks around the world.
He explains that the Russia-linked Fancy Bear hacking group is run by Russian military intelligence and that the American intelligence community publicly named them as the perpetrators of 2016 election interference during the election. The AP explains:
The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday.
The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America’s political elite.
Trend Micro’s reports include samples of the fake emails begging fake password resets for Microsoft products like One Drive and the Exchange email server, noting that Fancy Bear’s tactics and strategy are little changed over the years.
Russia’s hackers depend on misdirection and uninformed targets to succeed in their online attacks, re-using the same basic tools around the world.
Hacquebord’s story even goes into specific detail of Fancy Bear’s activities aimed at the U.S. Senate, which involved creating semi-public versions of the private email security servers in Congress. He wrote:
Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017.
Pawn Storm has been attacking political organizations in France, Germany, Montenegro, Turkey, Ukraine, and the United States since 2015. We saw attacks against political organizations again in the second half of 2017. These attacks don’t show much technical innovation over time, but they are well prepared, persistent, and often hard to defend against. With the Olympics and several significant global elections taking place in 2018, we can be sure Pawn Storm’s activities will continue.
Russian election interference in America is a real problem, even though most Republican lawmakers seem more interested in investigating the authors of the Trump-Russia dossier or attacking Hillary Clinton than defending America from these attacks or governing.
Putin’s attempts to influence American voters are solely aimed at harming our country’s real-world interests.
That’s why FBI Director James Comey testified to Congress last June that Russia’s assistance to Donald Trump in the 2016 elections wasn’t the end of their attacks on America’s democracy, but only the beginning.
Watch James Comey’s June Congressional testimony here:
