Vladimir Putin’s war against American democracy did not end with Donald Trump. Cybersecurity company Trend Micro, Inc. says the same Russian hackers who targeted the Democratic Party have also been trying to hack United States Senate email systems.
“Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate,” the company says in a new report about the hacking group they call “Pawn Storm.”
Like similar firms, Trend Micro has been shadowing these hackers for a long time. “Pawn Storm’s modus operandi is quite consistent over the years, with some of their technical tricks being used repeatedly.”
“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” they explain.
The real ADFS server of the U.S. Senate is not reachable on the open internet; however, phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. If an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high-profile users of interest.
Better known as “Fancy Bear” or APT28, Pawn Storm is almost certainly a Russian military intelligence unit. “The sheer volume of their attacks requires careful administration, planning, and organization” — a military staff — “to succeed,” Trend Micro Senior Threat Researcher Feike Hacquebord says.
While Hacquebord does not assess whether Putin controls Pawn Storm, he notes that their global cyber espionage activities have consistently and exclusively served Putin’s ends.
For example, Fancy Bear/Pawn Storm has targeted the International Olympic Committee and the World Anti-Doping Agency. Just this week, someone actually calling themselves Fancy Bear released emails stolen from those agencies as revenge for Russia’s exclusion from the Pyeongchang games next month.
Pawn Storm/Fancy Bear is also responsible for email phishing attempts against hundreds of journalists since 2014. According to Trend Micro, they have been “attacking political organizations in France, Germany, Montenegro, Turkey, Ukraine, and the United States since 2015.”
“The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment” on the Trend Micro analysis, the Associated Press reports.
They note that Senate staffers also got hit in 2015 and 2016, including “Robert Zarate, now the foreign policy adviser to Florida Senator Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Senator Steve Daines.”
“A Congressional researcher specializing in national security issues was also targeted.”
Last year, Senate Republicans passed sanctions legislation to punish Russia for its 2016 election meddling. The Trump administration has slow-walked implementation, however, just as it has systematically tried to drop existing sanctions.
Not only is Trump incapable of acknowledging this threat, his White House has actively undermined all efforts to do anything about it — effectively inviting more of the same behavior. Putin is only too happy to oblige.