While Americans continue to bicker over Russia’s role in the 2016 presidential election, America’s next big election is also being hacked, right now, a U.S. information security company claims.
Trend Micro says the same hacker group that targeted the Democratic National Committee during the 2016 presidential campaign has already laid the groundwork to manipulate the 2018 Senate race. The security firm says it has found phishing sites that mimic a U.S. Senate login page and are designed to steal credentials that could be used in a future attack — perhaps the theft of private emails that could later be published to embarrass candidates.
Trend researchers traced the phishing sites to the notorious hacker group commonly known as Fancy Bear — Trend calls the group Pawn Storm — which has been implicated in several high-profile political attacks, including the DNC hack.
The security firm does not claim that Pawn Storm has been successful in stealing credentials.
Sen. Ben Sasse (R-Neb.) reacted swiftly to the news, warning that Russia was “just getting started,” and calling for Attorney Gen. Jeff Sessions to testify about measures being taken to protect the election, according to TheHill.com.
“Last year, FBI Director [James] Comey said he was certain that Senate IT systems have been targeted and the Attorney General said we weren’t doing enough to prepare for Russia’s next attack,” Sasse said, according to the website. “The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates and the Attorney General should come back to Congress and explain what steps he’s taken since last year.”
Pawn Storm has recently tried to meddle in several elections around the world, Trend claims, and was involved in the theft of Emmanuel Macron’s emails during the French 2017 national election. The group also attempted to steal credentials during the Iranian election in 2017 and engaged in “similar targeted activity against political organizations” in Germany, Montenegro, Turkey, and Ukraine.
Pawn Storm has also targeted various groups related to the Olympics, including the European Ice Hockey Federation and the International Ski Federation, Trend claims. Russia is currently banned from the 2018 Olympics over a doping scandal.
Fancy Bear’s technique is simple, but effective. After stealing login credentials, it downloads emails, looking for embarrassing messages that could sway public opinion if published. Trend says repeatedly in its report that the hacking group is methodical and persistent in its attempts to steal credentials — thefts that could ultimately lead to havoc in a nation’s election.
“These attacks don’t show much technical innovation over time, but they are well prepared, persistent, and often hard to defend against. Pawn Storm has a large toolset full of social engineering tricks, malware and exploits, and therefore doesn’t need much innovation,” the report says.
Trend doesn’t label Pawn Storm as a Russian hacking group, but activity noted in the report — such as targeting Olympic organizations in the wake of the Russia ban — makes clear the hackers seem to be furthering Russian objectives.