The hacking group known as “Fancy Bear,” whose website is pictured, has been setting up fake sites mimicking the Senate’s login server, hoping to trick Senate staffers into entering their credentials there. | Alexander Zemlianichenko/AP Photo Russia-linked hackers are trying to infiltrate the Senate, cyber firm says

The suspected Russian hackers accused of breaching the Democratic National Committee and meddling in France’s presidential election are now targeting the U.S. Senate, according to new research.

Since last June, the hacking group known as “Fancy Bear” has been setting up fake websites mimicking the Senate’s login server, hoping to trick Senate staffers into entering their credentials there, according to findings released Friday by the cybersecurity firm Trend Micro.


The tactic, known as “phishing,” suggests that the Kremlin is laying the groundwork for a widespread compromise of Senate employees.

The fake websites were designed to look like the login page for the Senate’s email server, which runs on a Windows platform. The real Senate login page is not publicly accessible and can be reached only when users are on an internal Senate network. But Trend Micro researchers said the phishing campaign makes sense as a preparatory step.

“In case an actor already has a foothold in an organization after compromising one user account,” researchers wrote, “credential phishing could help him get closer to high profile users of interest.”

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The Trend Micro report also described how Fancy Bear hackers have been targeting Olympic sports organizations, and how they targeted Iranians ahead of that country’s 2017 presidential election.

Fancy Bear was one of two groups, along with “Cozy Bear,” that U.S. officials and researchers have blamed for hacking the DNC, the Democratic Congressional Campaign Committee and other mostly liberal targets in the run-up to the 2016 election.

Some of those hacks were technically sophisticated intrusions into computer servers. In other cases, Russian spies used the same strategy they are now using against the Senate, tricking victims — like Hillary Clinton campaign manager John Podesta — into typing their passwords into fake Gmail login portals.

According to the U.S. intelligence community, Moscow then published the stolen emails and documents through front personas like the self-styled independent hacker “Guccifer 2.0” and the website DC Leaks.

In March 2017, weeks before French voters picked their next president, Trend Micro discovered that Fancy Bear had similarly set up websites designed to trick staffers of the centrist candidate Emmanuel Macron, who was running against a far-right politician who had Kremlin support. Emails from Macron’s political party leaked the day before the election, but Macron won anyway.