The Russian hacking group that managed to steal Democratic National Committee emails during the 2016 presidential campaign has also attempted to break into the U.S. Senate email system, according to a cybersecurity company.
The hacking group, known by the nickname Fancy Bear, stepped up its political hacking efforts in the second half of 2017, including setting up fake websites designed to mimic a Senate email system.
“They were quite active, targeting at least five organizations including two government organizations outside of the U.S.,” Feike Hacquebord, one of the researchers tracking the group for Trend Micro, told Newsweek.
Hacquebord said he couldn’t tell whether the fake websites worked, only that the Russian hackers had been attempting to hook Senate staffers. He said the hackers have also been busy internationally, trying to gain access to the accounts of Iranian email users the day before that country’s 2017 presidential elections, for example.
It is against Trend Micro's policy to claim that governments are behind any hacking group, but other cybersecurity experts linked Fancy Bear to the GRU, a Russian intelligence agency. U.S. intelligence agencies also made the connection as part of a public report on Russia’s election meddling.
The attacks use what cybersecurity experts call “spear phishing,” a technique that attempts to fool victims into providing security information, downloading files or going to certain websites because of specific details in an email that make it appear to be coming from a legitimate source.
“You need a good preparation, so you have to know whom to target exactly and they are quite precise in what they do,” Hacquebord said.
Earlier in the week, Fancy Bear appeared to be leaking information gained from attacks against the International Olympic Committee, in apparent response to Russia being banned from this year’s Olympic Games.
Hacquebord, who has been tracking the group since 2015, said it has used similar attack tactics for years, and targeted several countries including German and France. The group appears to be well funded, he said, and never seems to seek financial gain. Instead, it works with intermediaries like WikiLeaks to release embarrassing information.
“We think that this is just part of an attempt to influence public opinion about certain matters,” he said. “I’ve never seen evidence for any motivation to earn money—the only motivation seems to be information.”
The hackers' complicated attack techniques make it appear they are either very well-funded or are part of a large team, Hacquebord said. The development of such techniques requires a capable team, or they can be bought, often at about $100,000 per software vulnerability.
Russian hackers have not slowed down their meddling since the election, according to experts, who point to several social media campaigns in recent months attempting to stir dissent inside the U.S. political sphere. Special Counsel Robert Mueller’s investigation into the Trump campaign’s possible ties to Russia has been a favored target in recent months, with about 20% of social media traffic from accounts linked to Russian intelligence trying to undermine faith in the probe.
Democrats have been warning that Russia will try to meddle in the 2018 election, and said President Donald Trump has done little to protect the U.S. against such efforts.
More from Newsweek