Cybersecurity Firm Says Kremlin Hackers Have Targeted The US Senate, Why stop when you have success?
"Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate," the company says in a new report about the hacking group they call "Pawn Storm."
Like similar firms, Trend Micro has been shadowing these hackers for a long time. "Pawn Storm's modus operandi is quite consistent over the years, with some of their technical tricks being used repeatedly."
"By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017," they explain.
The real ADFS server of the U.S. Senate is not reachable on the open internet; however, phishing of users' credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high-profile users of interest.
Better known as "Fancy Bear" or APT28, Pawn Storm is almost certainly a Russian military intelligence unit. "The sheer volume of their attacks requires careful administration, planning, and organization" - a military staff - "to succeed," Trend Micro Senior Threat Researcher Feike Hacquebord says.
https://crooksandliars.com/2018/01/cybersecurity-firm-says-kremlin-hackers