Get the latest market trends in your inbox
Stay on top of the latest market trends and economic insights with the Axios Markets newsletter. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul
Tampa-St. Petersburg news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg
Photo: Mark Wilson/Getty Images
Sen. Claire McCaskill’s team was targeted with spear phishing attempt from Russia’s intelligence unit around August 2017, according to The Daily Beast. Sen. McCaskill claims the attack wasn't successful, according to her statement on the attempt.
Why it matters: This is the first publicly identified target of the cyber attacks Moscow has launched in the buildup to the 2018 midterms. McCaskill is a vulnerable Democrat running for reelection in Missouri, a state where President Trump beat out Hillary Clinton in 2016 by almost 20 points.
Homeland Security Secretary Kirstjen Nielsen has previously said Russia is not launching attacks at the scale and scope of the 2016 attacks.
- Microsoft said last week at the Aspen Security Forum that two other campaigns have been targeted like this, although would not specify whether Russia was responsible.
The details: Senate targets received emails that claimed they needed to reset an expired Microsoft Exchange password. By clicking on a link in that email, they were redirected to a site made to look like the Senate’s Active Directory Federation Services (ADFS) login page, individualized based on who clicked.
- A Virginia judge issued a permanent injunction against the Russian intelligence hackers last August, which allowed Microsoft to take over websites hackers are responsible for that use Microsoft’s trademark.
The big picture: Individual campaigns and lawmakers’ staffing teams are only as safeguarded from falling for these traps as they are trained to avoid spear phishing tricks. The Russians were able to break into the DCCC and DNC through phishing, which allowed them to launch malware to steal passwords.
- Given that we know Russians have already launched several hacks like these in the past year, campaigns and election officials would do well to be wary of emails with links in them, especially if there are prompts to provide user credentials.
Microsoft declined to comment on the report.