Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Photo: Mark Wilson/Getty Images
Sen. Claire McCaskill’s team was targeted with spear phishing attempt from Russia’s intelligence unit around August 2017, according to The Daily Beast. Sen. McCaskill claims the attack wasn't successful, according to her statement on the attempt.
Why it matters: This is the first publicly identified target of the cyber attacks Moscow has launched in the buildup to the 2018 midterms. McCaskill is a vulnerable Democrat running for reelection in Missouri, a state where President Trump beat out Hillary Clinton in 2016 by almost 20 points.
Homeland Security Secretary Kirstjen Nielsen has previously said Russia is not launching attacks at the scale and scope of the 2016 attacks.
- Microsoft said last week at the Aspen Security Forum that two other campaigns have been targeted like this, although would not specify whether Russia was responsible.
The details: Senate targets received emails that claimed they needed to reset an expired Microsoft Exchange password. By clicking on a link in that email, they were redirected to a site made to look like the Senate’s Active Directory Federation Services (ADFS) login page, individualized based on who clicked.
- A Virginia judge issued a permanent injunction against the Russian intelligence hackers last August, which allowed Microsoft to take over websites hackers are responsible for that use Microsoft’s trademark.
The big picture: Individual campaigns and lawmakers’ staffing teams are only as safeguarded from falling for these traps as they are trained to avoid spear phishing tricks. The Russians were able to break into the DCCC and DNC through phishing, which allowed them to launch malware to steal passwords.
- Given that we know Russians have already launched several hacks like these in the past year, campaigns and election officials would do well to be wary of emails with links in them, especially if there are prompts to provide user credentials.
Microsoft declined to comment on the report.