One of the three US senators being targeted by sophisticated spearphishing campaigns has been identified as Missouri Democrat Claire McCaskill, sparking fears that Russian actors may be attempting to help the GOP retain its Senate majority during the upcoming mid-term elections.
Microsoft revealed at a security conference last week that three senators had been hit with attempted spearphishing attacks similar to the one which John Podesta fell victim to in 2016, using a spoofed version of the US Senate's Microsoft Active Directory login page to lure the targets in.
The identity of one of these targets has been confirmed by a Daily Beast investigation as a policy aide to Senator McCaskill. Each spearphishing email includes a unique URL that allows the spoofed page to display the email address of the target, and a screencapture of the spoofed domain from forensic snapshot tool URLscan.io was found, revealing the target's identity.
While Microsoft has yet to confirm who launched the attack, it is widely suspected to be the work of the same Russian intelligence unit accused of perpetrating the DNC hack, codenamed 'Fancy Bear'.
Senator McCaskill released a statement pinning the attack on Russia, in-keeping with her historically hard-line stance on Russia's international conduct which has seen her previously dub Putin a "thug and a bully".
"Russia continues to engage in cyber warfare against our democracy. I will continue to speak out and press to hold them accountable," she said. "While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I've said it before and I will say it again, Putin is a thug and a bully."
McCaskill is facing re-election in the imminent mid-terms, and is somewhat embattled; Trump won her home state by a 20-point margin in 2016, and more than $15 million has been spent so far opposing her election. The cyber security of the upcoming elections has been identified as a priority by Congress, who have allocated $350 million to ensure their safety.
20/07/2018: Hackers target US mid-term elections
Security experts have detected hacking attempts on the US mid-term elections for first time, after Microsoft announced that it identified and blocked attempted attacks on three congressional candidates so far this year.
Tom Burt, Microsoft's vice president of security and trust, revealed the news at the Aspen Security Summit, Politico reports. The company has not disclosed whether or not the Russian government is suspected of being behind the attacks, and did not specify who the targets were.
Burt did note, however, that they were all candidates for this year's mid-term elections, and were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint".
The attackers set up a bogus page purporting to be a Microsoft domain, for the purposes of mounting spearphishing attacks to steal targets' credentials. This is a common tactic, and one that allegedly enabled Russian state hackers to access John Podesta's emails in 2016 - which, according to the US Department of Justice, then enabled them to hack the DNC and potentially sway the election.
However, Burt noted that the level of cyber activity observed around the mid-term elections is noticeably less than what was seen during the 2016 presidential elections, indicating that the threat of interference may not be as great.
"On the other hand, cyber security experts Carbon Black warned that cyber warfare is still a very real issue. "Geopolitical tensions manifest in cyberspace," the company's chief cyber security officer Tom Kellermann said. "There is a direct link between the failures of diplomacy and cyberespionage and cyberterrorism. The cold war adversaries have colonised wide swaths of Western cyberspace."
