According to a new report, the same group that hacked the Democratic National Committee actively targeted the U.S. Senate through the latter half of 2017.
The revelation comes out of a new report from Trend Micro, a Japanese firm that has revealed similar phishing schemes taking aim at foreign governments in the past. As the security report details, the activity began in June 2017 and attempted to compromise a lawmaker’s credentials through a phishing site designed to look like the Senate’s internal email system.
Trend Micro describes the nature of the attacks:
Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017.
The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.
Trend Micro’s report focuses on the efforts of a hacking group it calls Pawn Storm, “an extremely active espionage actor group” more commonly known as Fancy Bear. Cybersecurity firm CrowdStrike has deemed the group a “Russian-based threat actor” with likely ties to Russian military intelligence.
While there’s a tendency to speak of the DNC hack and Russian disinformation efforts in the past tense, as we learn about them, Trend Micro’s report underlines the active, ongoing nature of threats to U.S. political systems, threats that are only going to escalate as we move into 2018’s U.S. midterm elections.