Russian state-linked hackers accused of targeting Democratic Party officials ahead of the 2016 US presidential election have turned their focus on the Senate, according to Trend Micro.
The group known as Pawn Storm, Fancy Bear, Sednit and APT 28, set up phishing sites designed to ape the ADFS (Active Directory Federation Services) of the upper chamber, the security vendor claimed.
“By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017,” explained senior threat researcher, Feike Hacquebord.
“The real ADFS server of the US Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.”
These tactics were used to devastating effect on the Democratic National Committee (DNC) ahead of the presidential election, with highly sensitive emails subsequently leaked under the online moniker Guccifer 2.0.
Hillary Clinton has claimed the revelations exposed in those leaks helped to turn the electorate against her during the race for the White House.
The timing of the latest phishing attempts is key, given the mid-term elections later this year.
The US is not the only country Russian-linked hackers are looking to destabilize: they’ve also targeted political organizations in Iran, France, Germany, Montenegro, Turkey, and Ukraine, according to Trend Micro.
It forms a key part of the Putin administration’s information warfare campaign against the West, alongside fake news and propaganda spread via bots and shills on social media.