Russian hackers targeting US Senate email accounts: Report
A HACKING group allegedly associated with the Russian government is actively targeting the US Senate’s internal email system since June 2017, a cyber security firm claimed on Saturday.
According to Japanese cybersecurity firm Trend Micro, this is the same group that hacked into the Democratic National Committee (DNC) in 2016.
The hackers’ activities began in June 2017 when they attempted to compromise a lawmaker’s credentials through a phishing site designed to look like the Senate’s internal email system.
“Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the US Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of ‘Pawn Storm’ incidents in 2016 and 2017,” the security company said in a blog post.
“The real ADFS server of the US Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest,” it added.
Trend Micro’s report focuses on the efforts of a hacking group called “Pawn Storm” -- “an extremely active espionage actor group” more commonly known as “Fancy Bear”.
Cybersecurity firm CrowdStrike has deemed the group a “Russian-based threat actor” with likely ties to Russian military intelligence, Tech Crunch reported.