Fancy Bear Hackers Target Information Of US Senators


Reports from a US cybersecurity firm have revealed the latest exploits of Russian hacker group Fancy Bear, the infamous cybercriminal conglomerate implicated in breaching the communications of the Democratic National Committee during the 2016 presidential election.

Researchers at TrendMicro recently published their findings regarding an ongoing Fancy Bear cyber espionage operation dubbed Operation Pawn Storm, after the classic chess strategy. According to the report, since July 2017 fake websites mimicking the active directories of US Senate-connected sites have been appearing on the net. Analysis of various signatures on the site pages has led TrendMicro to conclude that these sites are the work of Fancy Bear hackers: “By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017.”

The goal of these dummy sites was clearly to lure Senators and their personnel into attempting to log in to their portals and accounts. The hackers would thereby be able to record their private authentication credentials.

Fancy Bear specializes in focused targeting methods and has shown an incredible amount of creativity in this regard recently. Last October, Fancy Bear hackers targeted individuals interested in military cybersecurity by using a document that appeared to contain information about the CyCon cybersecurity conference, a well-known event in the world of IT sponsored by the West Point military academy.

An earlier TrigTent piece covered the Fancy Bear hacking campaign that came in the wake of the ISIS-inspired car attack in New York City. The attack followed a classic phishing model, and consisted of an email containing a command to download malware on a Word document titled "IsisAttackInNewYork.docx." If the recipient followed the command, a reconnaissance malware program known as Seduploader would then infect their device.

What is particularly disconcerting about this trend, and the most recent Senate-focused campaign in particular, is that Fancy Bear is almost certainly connected to Russian government elements. One of the strongest indications of this was the fact that Russian officials were linked to the actual release of communications and other documentation stolen during the DNC breach committed by Fancy Bear.

Combined with this most recent revelation that Fancy Bear is targeting US Senate personnel, this could very well mean that Moscow is attempting to hack federal government workers.

Hacking campaigns targeting US political organizations have indeed been increasing at a rapid pace, with cybersecurity now becoming a major area of focus for these groups.

And the trend is not going to end.

The TrendMicro report concludes by asserting that the fake Senate sites are only one incident in a growing pattern of “politically motivated campaigns” in the US.

With any luck, the effort of US policymakers and the administration to bolster national cyber assets will include strengthening best practices of government personnel, to effectively meet this growing threat.
