In 2016, Russia-linked hackers known collectively as “Fancy Bear” set their sights on any number of high-profile targets in the United States, ranging from Hillary Clinton’s presidential campaign to the Democratic National Committee.
In the middle of 2017, it appears the same hackers spied a new target: the U.S. Senate.
That’s the conclusion of a new report from Trend Micro, a Tokyo-based cybersecurity firm. On Friday, researcher Feike Hacquebord described how his firm uncovered a host of phishing sites set up to mimic the Senate’s Active Directory Federation Services (ADFS). The sites, as Hacquebord noted, carried “digital fingerprints” similar to those of previous Fancy Bear hacking attempts, a series of operations that spans nearly five years.
While the Senate’s ADFS server is inaccessible from the open internet, wrote Hacquebord, the hackers appeared to be using the fraudulent sites to phish users’ credentials – which would effectively allow the hackers access to the Senate’s internal email system. Noted Hacquebord, “In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.” As he later told AP, in a reprise of the 2016 hacks, the Fancy Bear operations are “looking for information they might leak later.”
To be sure, this wouldn’t be the first time the group – which Trend Micro dubs “Pawn Storm,” and which is closely linked with Russia’s foreign intelligence agency – has set its sights on the Senate. Numerous Senate staffers, including Republican officials, saw hacking attempts before the 2016 election. But the revelations illustrate how, despite increased sanctions against Moscow over the past year, Russia-linked hackers have hardly slowed their operations – and may well have expanded their efforts.
The reveal also comes alongside a new flush of hacked emails, stolen from both the International Olympic Committee and U.S. Olympic Committee. Given Russia’s recent doping-related ban from the upcoming PyeongChang Winter Olympics – the first time Moscow has ever been barred from participating in the Games – the Olympic-related targets are hardly surprising. But, as Trend Micro further found, the hacking targets affiliated with the Olympics were spread wide, ranging from the International Biathlon Union to the International Bobsleigh and Skeleton Federation to the International Ski Federation.
Are you ready for some new stuff? pic.twitter.com/BAeveVVpUL
— Fancy Bears' HT (@FancyBears) January 10, 2018
The hacked emails have caused little splash outside Russia, all the more given the fact that their authenticity remains unclear. (Russian hackers have a history of fabricating false information in such hacks.) Nonetheless, the hackers, in an odd, rambling statement, made their targets clear, slamming the “Anglo-Saxons” they hold guilty of sidelining Russia: “This is far from the real fair play spirit the Anglo-Saxons claim to protect.”