INSUBCONTINENT EXCLUSIVE:
Hackers that targeted a Democratic senator up for reelection this year may have left behind clues in their attack that further suggest Russian involvement.
The office of Claire McCaskill, a Missouri senator, was the subject of an apparent targeted phishing attack from a fake Microsoft domain that the software giant later seized pursuant to a court order.
The Daily Beast reported that a then-McCaskill staffer was the target of the attack, which was attributed to hackers linked to Russian intelligence, largely because the effort was similar to the phishing attack on Hillary Clinton campaign chair John Podesta, whose account was successfully breached and whose emails were shared with WikiLeaks.
Now, new research suggests that the phishing page used in the McCaskill attack contains language-specific code references that lend further credence to the claim that Russian hackers were involved.
When the hackers built the phishing page used to trick the McCaskill staffer, they scraped the code from a legitimate Microsoft login page that staff would use to
That code included a browser-generated link to the original web page that was scraped, the research said.
That link had a language marker appended at the end, which varies depending on which country the user is located in, such as "gb" for the UK or "fr" for France.
The language tag was "ru", which researchers say shows that the code was likely scraped from a user in Russia.
Yonathan Klijnsma, threat researcher at RiskIQ, said that in many cases hackers won't build a phishing page from scratch but will simply copy and save the page they're trying to imitate.
In doing so, any saved language tags embedded in the code "can be a crucial clue in connecting operators with their malicious campaigns."
Klijnsma said these tags are often overlooked by the hackers.
That resulted in a sloppy phishing page that was saved by RiskIQ's vast internet crawling operation.
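
For analysts triaging a captured phishing page, the kind of leftover language marker described above can be pulled out with a short script. This is an added example, not RiskIQ's tooling or code from the research; the sample page, the `market` parameter name, the hostnames and the assumption that the marker is the value of the last query parameter are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Any absolute URL left in the markup: attributes, comments, inline scripts.
URL = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: the marker is a two-letter code, optionally with a region
# ("ru", "ru-RU"), carried as the value of the URL's last query parameter.
MARKER = re.compile(r"^[A-Za-z]{2}(?:[-_][A-Za-z]{2})?$")


def trailing_markers(page):
    """Return (url, marker) pairs for URLs whose final query value looks
    like a language or country code left over from the saved original."""
    hits = []
    for raw in URL.findall(page):
        # Only undo the attribute escaping of "&"; a full entity decode
        # would mangle parameter names such as "&region=".
        url = raw.replace("&amp;", "&")
        params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
        if params and MARKER.match(params[-1][1]):
            hits.append((url, params[-1][1].lower()))
    return hits


def marker_summary(page):
    """Count markers so that one dominant locale stands out."""
    return Counter(marker for _, marker in trailing_markers(page))


# Constructed sample of a saved-and-reused login page (not the real kit).
SAMPLE = """<!-- saved from url=(0057)https://login.example.test/signin?client=portal&market=ru -->
<html><head>
<link rel="stylesheet" href="https://cdn.example.test/site.css?v=12">
</head><body>
<form action="https://collector.example.test/post.php" method="post">
<a href="https://login.example.test/help?topic=reset&amp;market=ru">Help</a>
</form></body></html>"""

if __name__ == "__main__":
    for url, marker in trailing_markers(SAMPLE):
        print(marker, url)
    print(dict(marker_summary(SAMPLE)))
```

A marker found this way says where the page was saved from, not who saved it, so it is one clue to weigh alongside others.
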
Although McCaskill, a vocal Russia critic, confirmed the "unsuccessful" attempted hack, which she attributed to Russia, in a press release in July, a spokesperson for McCaskill declined to comment further when reached Wednesday prior to publication.
In an additional twist, Klijnsma also found that the same Russian hackers targeted reporter Serhiy Drachuk, whose work has long been critical of the Russian regime.
Code from the page that was used in the McCaskill phishing attempt contained leftover references to the journalist's work email address, which was previously accessed by the hackers.
We reached out to Serhiy Drachuk for comment, but did not hear back by the time of writing.
It's the latest in a long string of cyberattacks and phishing efforts to target US political institutions before and during the 2016 presidential
Just this week, Democratic National Committee officials said they thwarted an attempt to access their voter database.
It comes hot on the heels of Microsoft's announcement that it prevented a Russian-backed advanced persistent threat group known as Fancy Bear (or APT28) from stealing data from political organizations.