
Pawn Storm readied attacks against U.S. senators, political and Olympic targets

The cyberespionage gang Pawn Storm, also known as Fancy Bear and affiliated with Russian intelligence, targeted U.S. senators in a cyberespionage campaign reminiscent of the one launched against French President Emmanuel Macron during his run for the presidency.

"We are 100 percent sure that it can be attributed to the Pawn Storm group," said an analyst from Trend Micro, which tracked the group's activities, including attacks against the Olympic Wintersports Federation, in 2017.

The cybergang has been attacking political organizations in France, Germany, Montenegro, Turkey, Ukraine, and the United States since 2015 and continued doing so in 2017 with various credential-stealing phishing attacks using the same methods, which haven't shown much technical innovation over time, according to Trend Micro researchers.

In some of the group's most recent attacks, threat actors sent phishing emails spoofing Microsoft and other popular accounts, telling victims their passwords were about to expire. While the attacks may seem simple, stealing credentials is often just the beginning of more targeted, sophisticated attacks with much more dire consequences.

The group's attacks against the Olympic Wintersports Federations had some success compromising WADA (the World Anti-Doping Agency) and TAS-CAS (the Court of Arbitration for Sport). These were considered particularly noteworthy attacks, since they were carried out around the same time several Russian Olympic players were being banned for life in the fall for using banned substances.

Researchers noted in the report that “rogue political influence campaigns are not likely to go away in the near future. Political organizations have to be able to communicate openly with their voters, the press and the general public.”

This makes them vulnerable to hacking and spear phishing, and attackers also continue to look to influence public opinion via advertisements that take advantage of social media algorithms to promote the threat actors' agenda.

“It's undeniable that all elected officials and government organizations are under constant cyber siege,” Ben Johnson, CTO and co-founder of Obsidian Security, told SC Media. “Period. The reality of 24/7 digital threats means that officials need the equivalent of cyber bodyguards.”

Researchers expect the cybergang to carry out more attacks as the 2018 Olympics approach.
