Rus­sian hack­ers tar­get­ing US Se­nate email ac­counts: Re­port

The Hitavada - - WORLD -

A HACK­ING group al­legedly as­so­ci­ated with the Rus­sian gov­ern­ment is ac­tively tar­get­ing the US Se­nate’s in­ter­nal email sys­tem since June 2017, a cy­ber se­cu­rity firm claimed on Satur­day.

Ac­cord­ing to Ja­panese cy­ber­se­cu­rity firm Trend Mi­cro, this is the same group that hacked into the Demo­cratic Na­tional Com­mit­tee (DNC) in 2016.

The hack­ers’ ac­tiv­i­ties be­gan in June 2017 when they at­tempted to com­pro­mise a law­maker’s cre­den­tials through a phish­ing site de­signed to look like the Se­nate’s in­ter­nal email sys­tem.

“Be­gin­ning in June 2017, phish­ing sites were set up mim­ick­ing the ADFS (Ac­tive Direc­tory Fed­er­a­tion Ser­vices) of the US Se­nate. By look­ing at the dig­i­tal fin­ger­prints of th­ese phish­ing sites and com­par­ing them with a large data set that spans al­most five years, we can uniquely re­late them to a cou­ple of ‘Pawn Storm’ in­ci­dents in 2016 and 2017,” the se­cu­rity com­pany said in a blog post.

“The real ADFS server of the US Se­nate is not reach­able on the open in­ter­net, how­ever phish­ing of users’ cre­den­tials on an ADFS server that is be­hind a fire­wall still makes sense. In case an ac­tor al­ready has a foothold in an or­ga­ni­za­tion af­ter com­pro­mis­ing one user ac­count, cre­den­tial phish­ing could help him get closer to high pro­file users of in­ter­est,” it added.

Trend Mi­cro’s re­port fo­cuses on the ef­forts of a hack­ing group called “Pawn Storm” -- “an ex­tremely ac­tive es­pi­onage ac­tor group” more com­monly known as “Fancy Bear”.

Cy­ber­se­cu­rity firm CrowdStrike has deemed the group a “Rus­sian-based threat ac­tor” with likely ties to Rus­sian mil­i­tary in­tel­li­gence, Tech Crunch re­ported.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.