Russia-linked hackers targeting US Senate

Russian hackers from the group known as "Fancy Bear" are targeting the U.S. Senate with a new espionage campaign, according to cybersecurity firm Trend Micro.

The Tokyo-based cybersecurity group tells The Hill that it has discovered a chain of suspicious-looking websites set up to look like the U.S. Senate’s internal email system, and learned that the sites were being operated as part of an email-harvesting operation.

The websites were reportedly set up by Fancy Bear, a group linked to Russia’s military intelligence agency, the GRU. The group has been implicated in the hack of the Democratic National Committee ahead of the 2016 presidential election.

The Associated Press first reported Trend Micro's findings.


The tactic used by Fancy Bear's hackers to obtain Senate emails is "identical" to an operation carried out against French President Emmanuel Macron during the French elections last year, which led to the publication of Macron's campaign emails two months later.

“That is exactly the way they attacked the Macron campaign in France,” Feike Hacquebord, an analyst at Trend Micro, said.

“We are 100 percent sure that it can be attributed to the Pawn Storm group,” said another analyst at the firm, using another code name for the Fancy Bear hacking group.

The websites targeting the U.S. Senate were set up in June and September of 2017. The Senate Sergeant at Arms office, which handles security for the upper chamber, declined to comment to the AP for the story.

This isn't the first time the Senate has been targeted by hackers. In 2015 and 2016, the AP reports that a number of congressional staffers were targeted by malicious actors, including a top advisor to Florida Sen. Marco Rubio (R) and a former chief of staff to Senate Majority Leader Mitch McConnell (R-Ky.).

On Wednesday, the hacking group released emails targeting Olympic organizations, just weeks before the beginning of the 2018 Winter Olympic Games in Pyeongchang, South Korea.

The hackers reportedly hit Olympic organizations with the same tactic used on the Senate. A separate cybersecurity firm discovered fake websites imitating the World Anti-Doping Agency, the U.S. Anti-Doping Agency, and the Olympic Council of Asia.

“These suspicious domains have consistencies with other previously identified Fancy Bear infrastructure and raise the question of a broader campaign against the upcoming 2018 Winter Games,” cybersecurity firm ThreatConnect said. 

“At this time, we cannot confirm whether these domains have been used maliciously nor definitively tie them to Fancy Bear without additional data,” the firm said. “ThreatConnect has notified the spoofed organizations.”