'Fancy Bear' Targets Democratic Sen. Claire McCaskill
Russian hackers have their sights on McCaskill and her staff as they gear up for her 2018 re-election campaign.
Fancy Bear, a cyber espionage group believed to operate out of the Russian military agency GRU, has reportedly targeted Senator Claire McCaskill and her staff as they prepare for her 2018 reelection campaign.
This makes McCaskill, a Missouri Democrat, the first named target of Russia's 2018 election meddling, according to a report by The Daily Beast. Many consider her vulnerable given her past criticism of Russia; she has repeatedly accused the Kremlin of "cyber warfare against our democracy" and referred to Russian President Vladimir Putin as a "thug" and a "bully."
Attackers hit McCaskill's campaign with a variant of the password-stealing tactic Fancy Bear used against John Podesta in 2016, the report said. Senate staffers received fake notification emails instructing them to change their Microsoft Exchange passwords. If they clicked, targets were sent to a page disguised to belong to the US Senate's Active Directory Federation Services login. Each phishing email was tailored to its recipient's email address.
Microsoft first reported three hacking attempts on the midterm elections late last week. Experts earlier this year detected a fake Microsoft domain had been registered as a landing page for attacks against midterm candidates, though they didn't identify them at the time.
McCaskill released a statement that said the cyberattack was unsuccessful.
Read more details here.
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024