PARIS — Jan 12, 2018, 9:40 PM ET

Cybersecurity firm: US Senate in Russian hackers' crosshairs


Interested in Russia Investigation?

Add Russia Investigation as an interest to stay up to date on the latest Russia Investigation news, video, and analysis from ABC News.
Add Interest

The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said in a report Friday.

The revelation suggests the group often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 U.S. electoral contest, is still busy trying to gather the emails of America's political elite.

"They're still very active — in making preparations at least — to influence public opinion again," said Feike Hacquebord, a security researcher at Trend Micro Inc. who authoered the report. "They are looking for information they might leak later."

The Senate Sergeant at Arms office, which is responsible for the upper house's security, declined to comment, but Nebraska Sen. Ben Sasse said it was time for U.S. Attorney General Jeff Sessions to return to Congress to say what action had been taken to help ensure lawmakers' digital safety.

"The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates," he said in a statement.

Trend Micro based its report on the discovery of a clutch of suspicious-looking websites dressed up to look like the U.S. Senate's internal email system. The Tokyo-based firm then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which it dubs "Pawn Storm."

Trend Micro previously drew international attention when it used an identical technique to uncover a set of decoy websites apparently set up to harvest emails from the French presidential candidate Emmanuel Macron's campaign in April 2017 . The sites' discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites — which were set up in June and September of 2017 — matched their French counterparts.

"That is exactly the way they attacked the Macron campaign in France," he said.

Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries. But Tend Micro, which has followed Fancy Bear for years, said there could be no doubt.

"We are 100 percent sure that it can attributed to the Pawn Storm group," said Rik Ferguson, one of the Hacquebord's colleagues.

Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having "Russia-related interests." But the U.S. intelligence community alleges that Russia's military intelligence service pulls the hackers' strings and a months-long Associated Press investigation into the group, drawing on a vast database of targets supplied by the cybersecurity firm Secureworks, has determined that the group is closely attuned to the Kremlin's objectives.

If Fancy Bear has targeted the Senate over the past few months, it wouldn't be the first time. An AP analysis of Secureworks' list shows that several staffers there were targeted between 2015 and 2016.

Among them: Robert Zarate, now the foreign policy adviser to Florida Sen. Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Sen. Steve Daines. A Congressional researcher specializing in national security issues was also targeted.

Fancy Bear's interests aren't limited to U.S. politics; the group also appears to have the Olympics in mind.

Trend Micro's report said the group had set up infrastructure aimed at collecting emails from a series of Olympic winter sports federations, including the International Ski Federation, the International Ice Hockey Federation, the International Bobsleigh & Skeleton Federation, the International Luge Federation and the International Biathlon Union.

The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught. Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life. Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials' emails, cybersecurity firms including McAfee and ThreatConnect have picked up on signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.

On Wednesday, a group that has brazenly adopted the Fancy Bear nickname began publishing what appeared to be Olympics- and doping-related emails from between September 2016 and March 2017. The contents were largely unremarkable but their publication was covered extensively by Russian state media and some read the leak as a warning to Olympic officials not to press Moscow too hard over the doping scandal.

Whether any Senate emails could be published in such a way isn't clear. Previous warnings that German lawmakers' correspondence might be leaked by Fancy Bear ahead of last year's election there appear to have come to nothing.

On the other hand, the group has previously dumped at least one U.S. legislator's correspondence onto the web.

One of the targets on Secureworks' list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks — a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton's campaign — in late 2016.

Kerr said he was still bewildered as to why he was targeted. He said that while he supported transparency, "there should be some process and some system to it.

"It shouldn't be up to a foreign government or some hacker to say what gets released and what shouldn't."


Associated Press writer James Ellingworth in Moscow contributed to this report.


Raphael Satter can be reached at:



Trend Micro's report:

News - Cybersecurity firm: US Senate in Russian hackers' crosshairs

RRelated Posts


  • travis Dejesus

    Perhaps the U.S. should dable in Russian elections a little and see what comes of it.

  • Mark Cosenza

    Someday the Russians may want a Democrat to win and then the GOP might wake up...

  • Siestasis42

    As more Congressmen and women are targeted they will get more serious about security. If you do not want it broadcast do not type it.

  • Sastre Jordan

    Try returning to pen and paper for highly sensitive info with the old wax seal until cyber security efforts are 100% effective. Although the vulnerabilities in the Intel, etc , chips will make 100% impossible. That plus Trump's collusion with the Russians against his own country could expose our country to Russian invasion without any weapon fired. Why is Trump still President?

  • Evan German

    I just finished reading this story, and I am saddened to report that Trump and the White House are still holding the 'there was no collusion' party line up as the only statement that is not 'FAKE NEWS'. LOL ROTFLMBO

  • ProfPalefuddy

    Anyone saying anything over any sort of wire, wifi, or cyber who thinks it is secure is Foolish. We need to go back to speaking face to face, in a secure location.

  • dorika

    It just an Alert. Russian hackers & trolls Not only residing in Russia. They are acting from the US as well. They are plenty of them here as students visa holders, green card holders, immigrants /mostly all with dual citizenship/ and not legal, most of the newspapers, Russian radio within the Russian community are well connected to Russia and working on the behalf of Putin/Trump and Republicans.

  • TexasVulcan

    It's about time we had universal encryption as part of standard email and messaging and web browsing ALL THE TIME. Surely, this cannot be beyond the possible.

  • NavinJay

    Russian hacker. You mean that 600lbs Russian guy Trump asked to hack Hillary's emails during a debate?

  • Terry Stein

    If Putin could take over America, I believe the Republicans would celebrate.

  • muttonchops

    Good for you Russia it keeps American stooges on their toes. Now we need to know how many foreigners are working our social media and how many are right here in the USA running our technology.
    We don't need another Huma's affair.................

  • BigE

    Are there idiots here that think the Russians aren't trying to hack us??? What about the Chinese, North Korea, Pakistan, Iran? Do you guys think they are not trying to hack up either? Everybody is trying to hack us you idiots - 24 hrs a day 7 days a week they are working to hack us. Don't be so freaking naive.
    The Russians are trying to mess with our elections!!!! News flash genius - they've been doing that for the last 50 years. Guess what - the US does everything right back to them too.

  • Guy Norbury

    Trump is not sure Russia did anything wrong. Putin denys it!

  • wm97

    Cyber is very important. Barron is very good at computers. He has a cyber himself. Very secure. Keeping America safe.

  • Miles

    Trump and team will ignore like they ignore most things about cyber security. I am not even convinced they even know what it is.

  • John Barron

    We need a big beautiful FireWall.. We can make Haiti, Africa, and Norway pay for it.

  • jw619

    The russians are looking for ways to help republicans win the next election as they did with trump . They own him thru blackmail the have the big time dirt on him and he knows it

  • Sola Scriptura IV

    The US and many parts of Europe is becoming a s---hole in every way, shape, and form. And it’s becoming worse and worse by the day. When I am old and gray, I’ll live in the far away hills of Switzerland. Nicer people, beautiful natural landscape/scenery, lovely food. Also the school of many of my Protestant Reformed heroes.

  • rightened

    Why worry? Our own President stood right there on national television and dared Russians to hack into the FBI, to find Hillary's emails. So why should other government systems be immune, right? Right?

    See what you invited in the door, Trump?

  • Catherine Cook

    What is so pathetic is that trump can lie right to our face and Republicans say nothing. Why wouldn't he think his behavior is ok?

  • Ronald Bandor

    The Russians demonstrated during the invasion of Crimea that they are willing to do obvious bad acts, and then, with a straight face, just deny the truth.

    If they are willing to deny that those are their own troops, which you can see clearly, they are definitely going to continue to take any hacking advantage that they can get -- and then lie. The Russians realize that the 21st century battlefield is not like the battlefields of the last century. It will be waged in cyberspace and in propaganda. Sadly, so many self-proclaimed "patriots" in our own county continue to give them aid and comfort.

  • Noah

    Be Scared, everyone be super scared!!!! Election meddling has been going on for at least the last 100 years and All countries do it, even the US. Get over it, this isnt new news.

  • Lee Thompson

    If Repubs are hit, will we see some concern about these cyber attacks? Will congress do something to protect this country?

  • CaliforniaBorn

    They got into the Democratic party emails with the weakest fishing scheme.

  • MickC

    Comrade Trump will make sure the Russian hackers are not disturbed.

  • Conor Fay

    Build two walls. One separating the west coast (California, Oregon and Washington) from sane America, and one around Minnesota.

  • Ctrygrl

    It has been a year and nothing, absolutely nothing has been done by the party in charge to even remotely try to prevent this, gee wonder why

  • dustyrivers

    "The same Russian government-aligned hackers who penetrated the Democratic Party have spent the past few months laying the groundwork for an espionage campaign against the U.S. Senate, a cybersecurity firm said Friday."
    And Dear "Comrade" Trump will cheer the hackers and congratulate Putin on a job well done......

  • Prophet With Honor

    This should get the GOP Senators off their duffs. My guess is that they have been dumb enough to put some embarrassing things out there. I see some of the Wall money getting diverted to cyber security.