Russia-linked hackers targeting US Senate

Russian hackers from the group known as "Fancy Bear" are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro.

The Tokyo-based cybersecurity group tells The Hill that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate’s internal email system, and learned that the sites were being operated as part of an email-harvesting operation.

The websites were reportedly set up by Fancy Bear, a group linked to Russia’s military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election.

The Associated Press first reported Trend Micro's findings.


The tactic used by Fancy Bear's hackers to obtain Senate emails is "identical" to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron's campaign emails two months later.

"That is exactly the way they attacked the Macron campaign in France,” Feike Hacquebord, an analyst at Trend Micro, said.

“We are 100 percent sure that it can be attributed to the Pawn Storm group,” said another analyst at the firm, using another code name for the Fancy Bear hacking group.

The websites targeting the U.S. Senate were set up in June and September of 2017. The Senate Sergeant at Arms office, which handles security for the upper chamber, declined to comment to the AP for the story.

This isn't the first time the Senate has been targeted by hackers. In 2015 and 2016, the AP reports that a number of congressional staffers were targeted by malicious actors, including a top advisor to Florida Sen. Marco RubioMarco Antonio RubioOvernight Cybersecurity: Bipartisan bill aims to deter election interference | Russian hackers target Senate | House Intel panel subpoenas Bannon | DHS giving 'active defense' cyber tools to private sector Senators unveil bipartisan push to deter future election interference Puerto Rico's children need recovery funds MORE (R) and a former chief of staff to Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellSessions: 'We should be like Canada' in how we take in immigrants NSA spying program overcomes key Senate hurdle Overnight Finance: Lawmakers see shutdown odds rising | Trump calls for looser rules for bank loans | Consumer bureau moves to revise payday lending rule | Trump warns China on trade deficit MORE (R-Ky.)

On Wednesday, the hacking group released emails targeting Olympic organizations, just weeks before the beginning of the 2018 Winter Olympic Games in Pyeongchang, South Korea.

The hackers reportedly hit Olympic organizations with the same tactic used on the Senate. A separate cybersecurity firm discovered fake websites imitating the World Anti-Doping Agency, the U.S. Anti-Doping Agency, and the Olympic Council of Asia.

“These suspicious domains have consistencies with other previously identified Fancy Bear infrastructure and raise the question of a broader campaign against the upcoming 2018 Winter Games,” cybersecurity firm ThreatConnect said. 

“At this time, we cannot confirm whether these domains have been used maliciously nor definitively tie them to Fancy Bear without additional data,” the firm said. “ThreatConnect has notified the spoofed organizations.”