According to cybersecurity firm Trend Micro, Russian government-linked hackers are working on a plan to breach email systems used by the U.S. Senate ahead of what will likely be a contentious 2018 midterm. The group appears to be Fancy Bear, the same group responsible for infiltrating email servers of the Democratic National Party ahead of last year's presidential election.
“They’re still very active — in making preparations at least — to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro Inc., which published the report. “They are looking for information they might leak later.”
The groundwork being laid in this case mimics methods used to gain access to French presidential candidate Emmanuel Macron’s email during his presidential campaign in April of 2017.
Hacquebord said he based his report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”
“That is exactly the way they attacked the Macron campaign in France,” he said.
Along with targeting the U.S. Senate, Fancy Bear has also taken an interest in the Olympics:
Trend Micro’s report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.
At present, it is unclear whether the hackers have succeeded or will succeed, and whether any emails will be published even if they are obtained.
Ahead of Germany's election last year, Fancy Bear warned that emails could be released, but none went public.
On the other hand, the group has previously dumped at least one U.S. legislator’s correspondence onto the web.
One of the targets on Secureworks’ list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks — a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton’s campaign — in late 2016.