Russian Hackers Trying To Infiltrate US Senate

The suspected Russian hackers accused of breaching the Democratic National Committee and meddling in France’s presidential election are now targeting the US Senate, according to new research.

Since last June, the hacking group known as “Fancy Bear” has been setting up fake websites mimicking the Senate’s login server, hoping to trick Senate staffers into entering their credentials there, according to findings recently released by the cybersecurity firm Trend Micro.

The tactic, known as “phishing,” suggests that the Kremlin is laying the groundwork for a widespread compromise of Senate employees.

The fake websites were designed to look like the login page for the Senate’s email server, which runs on a Windows platform. The real Senate login page is not publicly accessible and can be reached only when users are on an internal Senate network. But Trend Micro researchers said the phishing campaign makes sense as a preparatory step.

“In case an actor already has a foothold in an organisation after compromising one user account,” researchers wrote, “credential phishing could help him get closer to high profile users of interest.”

The Trend Micro report also described how Fancy Bear hackers have been targeting Olympic sports organisations, and how they targeted Iranians ahead of that country’s 2017 presidential election.

Fancy Bear was one of two groups, along with “Cozy Bear,” that U.S. officials and researchers have blamed for hacking the DNC, the Democratic Congressional Campaign Committee and other mostly liberal targets in the run-up to the 2016 election.

Some of those hacks were technically sophisticated intrusions into computer servers. In other cases, Russian spies used the same strategy they are now using against the Senate, tricking victims, like Hillary Clinton campaign manager John Podesta, into typing their passwords into fake Gmail login portals.

According to the US intelligence community, Moscow then published the stolen emails and documents through front personas like the self-styled independent hacker “Guccifer 2.0” and the website DC Leaks.

In March 2017, weeks before French voters picked their next president, Trend Micro discovered that Fancy Bear had similarly set up websites designed to trick staffers of the centrist candidate Emmanuel Macron, who was running against a far-right politician who had Kremlin support. Emails from Macron’s political party leaked the day before the election, but Macron won anyway.

Politico:

You Might Also Read: 

Guide to Russian Infrastructure Hacking:

Hackers Came, But the French Were Prepared:

Hillary Clinton’s Cyber Warfare Warning:

 

 

 

« Cyber Attacks Will Continue to Succeed
What You Need to Know About The General Data Protection Regulation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

Enet 1 Group1

Enet 1 Group1

Enet 1 Group audits, assesses, recommends, and delivers tested solutions for the ever-increasing threats to your critical systems and digital assets

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Titan Labs

Titan Labs

Titan Labs is a Cyber Security Consultancy that provides advice and technical expertise to government, international finance and telecommunications providers.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.

3DOT Solutions

3DOT Solutions

3DOT Solutions is an established UK cybersecurity consultancy focused on delivering end-to-end cyber security solutions for private and public sector customers.