Russian hacking group 'targeting US Senate'
The Russian government-aligned hackers who penetrated the Democratic Party in the US have spent the past few months laying the groundwork for an espionage campaign against the Senate, a cybersecurity firm has said.
The revelation suggests the group, often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 US electoral contest, is trying to gather the emails of America's political elite.
"They're still very active - in making preparations at least - to influence public opinion again," said Feike Hacquebord, a security researcher at Trend Micro, which published the report.
"They are looking for information they might leak later."
The Senate Sergeant at Arms office, which is responsible for the upper house's security, declined to comment.
Mr Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the Senate's internal email system.
He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs "Pawn Storm".
Trend Micro previously drew international attention when it used the technique to uncover decoy websites apparently set up to harvest emails from Emmanuel Macron's French presidential campaign last April.
The discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.
Mr Hacquebord said the rogue Senate sites - set up in June and September 2017 - matched their French counterparts.
"That is exactly the way they attacked the Macron campaign in France," he said.
Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries, but Trend Micro, which has followed Fancy Bear for years, said there could be no doubt.
"We are 100% sure that it can be attributed to the Pawn Storm group," said Rik Ferguson, one of Mr Hacquebord's colleagues.
Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having "Russia-related interests".
But the US intelligence community alleges that Moscow's military intelligence service pulls the hackers' strings, and a months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin's objectives.
If Fancy Bear has targeted the Senate over the past few months, it would not be the first time. An AP analysis of Secureworks' list shows that several staff there were targeted between 2015 and 2016.
Among them were Robert Zarate, now the national security adviser to Florida senator Marco Rubio; Josh Holmes, a former chief of staff to Senate majority leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana senator Steve Daines.
A Congressional researcher specialising in national security issues was also targeted.
Fancy Bear's interests are not limited to US politics; the group also appears to have the Olympics in mind.
Trend Micro's report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.
The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught.
Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life.
Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials' emails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.