Sen. Claire McCaskill, an incumbent facing a tight race in the 2018 US mid-term elections, has affirmed that Russian hackers are attempting to interfere with her re-election campaign, following an independent forensic analysis identifying her as a target.
In an exclusive report, the Daily Beast yesterday revealed that a phishing operation bearing many of the hallmarks of Russian APT group Fancy Bear targeted the Missouri senator beginning in August 2017. However, there is no evidence that any of McCaskill's staff members were successfully baited.
The report serves to further support the US intelligence community's widespread consensus that Russian hackers, under the orders Russian President Vladimir Putin, continue to meddle with US elections, just as they did in 2016 when they engaged in a campaign to help Trump attain the presidency. At the same time, the report flies in the face of a recent tweet by President Donald Trump, in which he claimed that if Kremlin-sponsored hackers were to meddle with US elections, they would help the Democrats.
"Russia continues to engage in cyber-warfare against our democracy. I will continue to speak out and press to hold them accountable," said McCaskill in an official statement, in response to the report. "While this attack was not successful, it is outrageous that they think they can get away with this. I will not be intimidated. I've said it before and I will say it again: Putin is a thug and a bully."
According to the Daily Beast, the hackers attempted to steal McCaskill staffers' credentials by sending them fraudulent notification emails that falsely claimed their Microsoft Exchange passwords had expired. Clicking on the link would then take the prospective victim to a site impersonating the US Senate's Active Directory Federation Services (ADFS) login page -- a technique previously used by Fancy Bear, one of the two Russian APT groups blamed for hacking the Democratic National Committee and Hillary Clinton's campaign chairman John Podesta in the run-up to the 2016 elections.
The Daily Beast's forensic investigation was reportedly prompted by public comments from Microsoft VP Tom Burt, who at a security conference had referenced his company's efforts to sinkhole a malicious domain involved in a phishing campaign targeting three unnamed midterm election candidates last year. The report does not identify who the other two targeted candidates were.
"Cyber-security is the new battlefield. I fear that the phishing attempt on Senator McCaskill is just the beginning and that we'll see an escalating series of cyberattacks leading up to the midterms," said Adrien Gendre, chief solutions architect at Vade Secure, in emailed comments. "Like other sophisticated cyber-criminals, nation-states iterate their techniques, taking a test-and-learn approach as they probe for weaknesses in our defences."