The U.S. Senate was recently targeted by hackers blamed with breaching the Democratic Party in 2016, cybersecurity researchers warned Friday, paving the way for a possible repeat of the election meddling witnessed during the last presidential race.
Known by pseudonyms including Fancy Bear and Pawn Storm, the hackers began registering bogus websites in June 2017 mimicking the U.S. Senate’s Active Directory Federation Services (ADFS), the chamber’s internal email system, as part of a phishing expedition intended to trick targets into disclosing their legitimate log-in credentials, according to Trend Micro, a Tokyo-based cybersecurity firm.
While Senate emails are safeguarded by security measures meant to prevent unauthorized access, cybercriminals — and sophisticated, state-sponsored hackers, in particular — are nonetheless potentially capable of exploiting them to their advantage.
“The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest,” Trend Micro senior threat researcher Feike Hacquebord wrote Friday.
Trend Micro didn’t tie the Senate attack to a particular nation-state, but the firm’s security experts said there’s links between the latest campaign and previous incidents implicating the same hacking group.
“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” wrote Mr. Hacquebord.
Researchers have previously connected Pawn Storm to Russian military intelligence, and the hackers have been tied to specific, high-profile intrusions, notably including the Democratic National Committee breach that resulted in thousands of internal party emails being leaked online during the 2016 presidential race.
The U.S. intelligence community subsequently concluded that state-sponsored hackers breached the DNC and other targets as part of an election meddling campaign authorized by Russian President Vladimir Putin, and Moscow’s involvement is currently the subject of ongoing investigations in the House, Senate and Department of Justice.
Reaction to the revelations on Capitol Hill was swift and anti-Kremlin.
“Russia is just getting started and the hacks,” Sen. Ben Sasse, Nebraska Republican and a member of the Armed Services Committee, said in a statement Friday. “Forgeries, and influence campaigns are going to get more and more sophisticated. Moscow wants to undermine America’s trust in our institutions and Putin couldn’t be happier with Washington’s obsession with making everything about settling partisan scores instead of preparing for 2018 and 2020.”
Ten months until the 2018 midterms, security researchers warned of a possible repeat courtesy of the same hacking group.
“They’re still very active — in making preparations at least — to influence public opinion again,” Mr. Hacquebord told The Associated Press. “They are looking for information they might leak later.”
The Senate Sergeant at Arms office, which handles security for the upper house, declined to comment, AP reported.
The Kremlin has previously denied hacking U.S. targets.
Mr. Sasse added that law enforcement in Washington is well aware that the nation is “not doing enough to prepare for Russia’s next attack” and noted that Attorney General Jeff Sessions admitted as much during testimony before the Senate Judiciary committee last fall.
At an October 18 judiciary hearing, Mr. Sasse asked the attorney general, “do you think we’re doing enough to prepare for future interference by Russia and other foreign adversaries in the information space?”
“Probably not. We’re not,” Mr. Sessions replied. “And the matter is so complex that for most of us, we are not able to fully grasp the technical dangers that are out there.”