Hackers linked to the Russian state are targeting the US Senate as part of a string of attacks on American political organisations, according to a report from Trend Micro.
In 2016, cyber criminals based in Russia infiltrated the Democratic National Committee, the organising arm of the Democratic Party, during the US presidential campaign.
The report explores the digital footprint of a highly cited hacking organisation, which has been code-named 'Fancy Bear'. Security specialists at Trend Micro identified a range of email-based phishing campaigns targeting accounts associated with the Senate.
"While these emails might not seem to be advanced in nature, we've seen that credential loss is often the starting point of further attacks that include stealing sensitive data from email in-boxes," warned Trend Micro security researcher Feike Hacquebord.
Hacquebord, who also refers to Fancy Bear as 'Pawn Storm' in the report, explained that the infamous hacking group conducted these attacks towards the end of last year.
"In the second half of 2017 Pawn Storm, an extremely active espionage actor group, didn't shy away from continuing their brazen attacks," he said.
"Usually, the group's attacks are not isolated incidents, and we can often relate them to earlier attacks by carefully looking at both technical indicators and motives."
To trick users into disclosing their login credentials, the crooks sent a series of standard phishing baits, such as Microsoft Exchange emails alerting them about expired passwords or about new files being added to their OneDrives.
"One type of email is supposedly a message from the target's Microsoft Exchange server about an expired password. The other says there is a new file on the company's OneDrive system," said the researcher.
Hacquebord said that while these attacks are simple, they can get results. "These attacks don't show much technical innovation over time, but they are well prepared, persistent, and often hard to defend against," he said.
"Pawn Storm has a large toolset full of social engineering tricks, malware and exploits, and therefore doesn't need much innovation apart from occasionally using their own zero-days and quickly abusing software vulnerabilities shortly after a security patch is released."
Hacquebord said the organisation is trying to bring down the Senate. "Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the US Senate," he added.
"By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017.
"The real ADFS server of the US Senate is not reachable on the open internet; however, phishing of users' credentials on an ADFS server that is behind a firewall still makes sense."