The Russian government-linked hacking group that breached the Democratic National Committee in advance of the 2016 elections is now targeting the U.S. Senate, a cybersecurity firm reported Friday.
Beginning in June, the group, which the firm Trend Micro calls Pawn Storm, set up a phony version of a Senate log in page to con staffers into entering their credentials, according to the report.
The phony login page mimicked the Senate’s “active directory federation service,” which is similar to a universal sign-on page for all components of a Microsoft Windows-based system.
The real Senate directory is not accessible on the public internet, so the hacking group couldn’t simply take mistakenly entered credentials and use them to access Senate systems, Trend Micro said.
If the group had penetrated Senate systems in some other way, however, credentials entered into the phony directory could be useful for strengthening the hackers’ foothold or gleaning more information, the cyber firm said.
The group Pawn Storm is also called Fancy Bear and APT[Advanced Persistent Threat group] 28 by different cybersecurity companies with different naming conventions.
Soon after the Trend Micro report was released, Sen. Ben Sasse, R-Neb., called on Attorney General Jeff Sessions to testify before the Armed Services Committee about administration efforts to counter Russian cyber aggression.
“Russia is just getting started and the hacks, forgeries, and influence campaigns are going to get more and more sophisticated,” Sasse said. “Moscow wants to undermine America’s trust in our institutions and Putin couldn’t be happier with Washington’s obsession with making everything about settling partisan scores instead of preparing for 2018 and 2020.”
Senate appropriators approved a $28.6 million funding bump in July to improve the chamber’s cybersecurity.
Senate systems do not require two-factor authentication—such as a password and a unique code sent to a mobile device—for access unless staff members are logging in from home, a Senate aide told Nextgov.
The Trend Micro report also described Pawn Storm hacking campaigns targeting the Iranian presidential elections and Winter Olympics groups.