The same Russia-linked group of hackers that penetrated the Democratic National Committee’s computers before the 2016 election spent last summer trying to get into the email system of the U.S. Senate ahead of the 2018 midterm elections, an independent cybersecurity firm said in a report released Friday.
The hacking group, commonly known as Fancy Bear, tried to penetrate the Senate email system between June and September, said Feike Hacquebord, a senior threat researcher with the Tokyo-based internet security firm Trend Micro Inc.
But it’s not clear whether the attempt was successful — or exactly what the hackers were after, Hacquebord told VICE News.
“They are known for leaking sensitive data in a very selective way to the media in the hopes that it will be published,” Hacquebord said. “Their objective seems to be to get information only. They’re not interested in money.”
While Trend Micro’s policy is not to attribute a nationality to the hacking outfit, which it refers to by the alternative alias Pawn Storm, “it’s clear that the group is going after organizations that might be perceived as a risk to Russia,” Hacquebord said.
Fancy Bear was identified as one of two groups (along with another called Cozy Bear) that hacked into the computers of the Democratic National Committee ahead of the 2016 election by cybersecurity firm CrowdStrike, which was hired by the DNC to investigate the infiltration.
CrowdStrike has said Fancy Bear’s “profile closely mirrors the strategic interests of the Russian government, and may indicate affiliation with… [the] GRU, Russia’s premier military intelligence service.”
A spokesperson for the office of the Senate Sergeant-at-Arms, the agency tasked with Senate security, declined to comment specifically on the break-in attempt described by Trend Micro but said they proactively review all threats.
Russia has consistently denied attempting to influence the 2016 U.S. presidential election, despite the U.S. intelligence community determining that it did. CIA Director Mike Pompeo said Jan. 7 that Russia is now engaged in a campaign to influence the 2018 midterm elections in an appearance on "Face the Nation."
Fancy Bear, aka Pawn Storm, has attempted to penetrate a ridiculously long list of other targets, too, according to Trend Micro, including political organizations in France, Germany, Montenegro, Turkey, and Ukraine.
“The list is endless,” Hacquebord said. “They also target journalists who report on defense topics and Eastern European politics.”
In recent months, the group’s been busy trying to penetrate groups associated with the 2018 Winter Olympics, according to Micro Trends.
Coincidentally, Russia’s had a pretty stormy relationship with the Olympics lately.
Russia was officially kicked out of the 2018 Winter Olympics in PyeongChang, South Korea, after an investigatory commission led by former President of Switzerland Samuel Schmid found "systemic manipulation of the anti-doping rules and system in Russia." Russia denies all the charges, and Russian President Vladimir Putin has called the ban an attempt to undermine the country’s presidential election in March 2018.
“In the last six months, they’ve been targeting a lot of winter sports organizations,” Hacquebord said, including the European Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, the International Bobsleigh and Skeleton Federation and the International Luge Federation.
Computer security firm McAfee Advanced Threat Research also claims to have discovered a cyber campaign targeting organizations involved with the Pyeongchang Olympics.
On Wednesday, Virginia-based cybersecurity firm ThreatConnect said that a group calling itself “Fancy Bears” and seemingly created by Fancy Bear “released a post suggesting they had compromised emails from the International Olympic Committee.”
In that announcement, Fancy Bear claimed to have obtained “emails and documents [that] point to the fact that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world.”