In this Jan. 3, 2018 photo, the Capitol is seen in Washington. Newly published research shows that the same Russian government-aligned hackers who penetrated the Democratic Party have spent the past six months laying the groundwork for an espionage campaign against an unknown number of U.S. Senate staffers, including Republicans. (AP Photo/J. Scott Applewhite)
PARIS (AP) — The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the foundation for an espionage campaign against the U.S. Senate, a cybersecurity company said Friday.
The revelation suggests that the group often called Fancy Bear, whose hacking campaign scrambled the 2016 U.S. election contest, is still busy collecting the e-mails of America’s political elite.
“They are still very active in making preparations, at least, to influence public opinion,” said Feike Hacquebord, a security researcher at Trend Micro Inc., who published the report. “They are looking for information that they can leak later.”
The Senate Sergeant at Arms office, which is responsible for the upper house’s security, declined to comment.
Hacquebord said he based his report on the discovery of a set of suspicious sites dressed up to look like the U.S. Senate’s internal e-mail system. He cross-referenced digital fingerprints associated with those sites with ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm.”
Trend Micro previously drew international attention when it used an identical technique to discover a series of fake websites apparently set up to harvest e-mails from French presidential candidate Emmanuel Macron’s campaign in April 2017. The sites’ discovery was followed two months later by a still-unexplained publication of private e-mails of various Macron staff members in the final days of the race.
Hacquebord said the rogue Senate sites were established in June and September 2017, matching their French counterparts.
“That is exactly the way they attacked the Macron campaign in France,” he said.
Attribution is extremely difficult in the world of cybersecurity, where hackers routinely use deception and red herrings to fool their opponents. But Trend Micro, which followed Fancy Bear for a year, said that there could be no doubt.
“We are 100 percent sure that it can be attributed to the Pawn Storm group,” said Rik Ferguson, one of Hacquebord’s colleagues.
Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having “Russia-related interests.” But the U.S. intelligence community claims that Russian military intelligence pulls the hackers’ strings, and a months-long Associated Press investigation into the group, based on a large database of targets provided by the cybersecurity company Secureworks, has found that the group is closely aligned with the Kremlin’s objectives.
If Fancy Bear has focused on the Senate over the past few months, it would not be the first time. An AP analysis of Secureworks’ list shows that a number of staff were targeted between 2015 and 2016.
Among them: Robert Zarate, now the foreign policy advisor to Florida Senator Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell, who now runs a Washington consultancy; and Jason Thielman, chief of staff to Montana Senator Steve Daines. A congressional researcher who specializes in national security issues was also targeted.
Fancy Bear’s interests are not limited to U.S. politics; the group also appears to have the Olympics in mind.
Trend Micro’s report said that the group had set up infrastructure to collect e-mails from a series of Olympic sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.
The focus on Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught. Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics after an extraordinary doping scandal that has seen 43 athletes and a variety of Russian officials banned for life. Amid speculation that Russia might retaliate by orchestrating the leak of prominent Olympic officials’ e-mails, cybersecurity companies like McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.
On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics- and doping-related e-mails from between September 2016 and March 2017. The content is largely inconspicuous, but their publication was covered extensively by Russian state media, and some read the leak as a warning to Olympic officials not to press Moscow too hard about the doping scandal.
Whether the Senate e-mails might be published in such a way is not clear. Earlier warnings that German legislators’ correspondence might be leaked by Fancy Bear ahead of last year’s election there seem to have come to nothing.
On the other hand, the group has already dumped at least one U.S. legislator’s correspondence on the web.
One of the targets on Secureworks’ list was Colorado State Senator Andy Kerr, who said that thousands of his e-mails were posted on an obscure section of the website DCLeaks — a web portal better known for publishing e-mails belonging to retired Gen. Colin Powell and several members of Hillary Clinton’s campaign — by the end of 2016.
Kerr said he was still baffled as to why he was targeted. He said that while he supported transparency, “there should be a process and a system.
“It should not be up to a foreign government or a hacker to say what gets released and what should not.”