"By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans nearly five years, we can uniquely relate them to a couple of 'Pawn Storm' incidents in 2016 and 2017", the security company said in a blog post.
According to cybersecurity firm ThreatConnect, a group with the same name, "Fancy Bear", had used the same website and the same format in 2016 to publish documents that had been hacked from the World Anti-Doping Agency (WADA) in response to that agency's finding that hundreds of Russian athletes had taken banned substances. The sites' discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race. Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who is behind such groups, referring to Pawn Storm only as having "Russia-related interests".
The U.S. intelligence community subsequently concluded that state-sponsored hackers breached the DNC and other targets as part of an election meddling campaign authorized by Russian President Vladimir Putin, and Moscow's involvement is now the subject of ongoing investigations in the House, Senate and Department of Justice. Marco Rubio; Josh Holmes, a former chief of staff to Senate Majority Leader Mitch McConnell who now runs a Washington consultancy; and Jason Thielman, the chief of staff to Montana Sen.
A Congressional researcher specialising in national security issues was also targeted.
Fancy Bear's interests aren't limited to United States politics; the group also appears to have the Olympics in mind. The AP says the hackers are also attempting to get emails for the International Luge Federation, as well as other Olympic-affiliated winter sports federations and anti-doping officials, perhaps in retaliation for Russia being kicked out of the upcoming Pyeongchang Olympics following a massive doping scandal. Previous warnings that German lawmakers' correspondence might be leaked by Fancy Bear ahead of last year's election there appear to have come to nothing. One of the targets on Secureworks' list was Colorado State Senator Andy Kerr, who said thousands of his emails were posted to an obscure section of the website DCLeaks - a web portal better known for publishing emails belonging to retired Gen. Colin Powell and various members of Hillary Clinton's campaign - in late 2016.
A month after the International Olympic Committee banned the Russian Federation from the 2018 Winter Olympics over doping concerns, hackers have released a set of emails related to the games set for February in South Korea.