
Wednesday, February 28, 2018

Overnight Cybersecurity: DHS hits back at claims Russia breached voter sites | Trump launches new attack on Sessions over surveillance | Russia-linked group behind new cyberattacks | Iranian hackers expand operations

 
 
 
The Hill Cybersecurity
 
 

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

--DHS DENIES NBC ELECTION HACKS REPORT: The Department of Homeland Security (DHS) is denying the accuracy of an NBC News report that alleged Russia breached voter sites or registration systems in seven U.S. states prior to the 2016 election.

"NBC's reporting tonight on the 2016 elections is not accurate and is actively undermining efforts of the Department of Homeland Security to work in close partnership with state and local governments to protect the nation's election systems from foreign actors," DHS acting press secretary Tyler Q. Houlton said in a statement.

His comments come after U.S. intelligence officials told NBC News that an analysis requested by President Obama in the last weeks of his administration showed that Russian operatives penetrated the websites or databases of Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin. The officials said that several states were warned about the breaches before the 2016 election, but none were told that Moscow was behind it.

But DHS pushed back, saying in its statement: "We have no intelligence – new or old – that corroborates NBC's reporting that state systems in seven states were compromised by Russian government actors. We believe tonight's story to be factually inaccurate and misleading."

DHS said that NBC's reporting appeared to be relying on "working documents based on preliminary information and ongoing investigations, not confirmed and validated intelligence on Russian activities."

Homeland Security has repeatedly said that Russian hackers targeted election-related infrastructure in 21 states, and that most of the activity was not successful and involved preparations for hacking. Illinois said officials detected a cyberattack on its voter registration system in 2016 but that nothing had been altered.

This is not the first NBC News report on possible Russian hacking that has drawn fire from DHS. Earlier this month, the agency pushed back against a report from the news outlet that claimed Russian hackers had "successfully penetrated" several U.S. voter rolls before the election.


 

--TRUMP UNLEASHES ON SESSIONS: President Trump on Wednesday launched a new attack on Attorney General Jeff Sessions, calling it "disgraceful" that he has asked an inspector general and not Justice Department lawyers to investigate potential surveillance abuses.

The president said the Justice Department's inspector general is ill-equipped to probe allegations that the Foreign Intelligence Surveillance Act (FISA) was improperly used to monitor members of his transition team.

"Why is A.G. Jeff Sessions asking the Inspector General to investigate potentially massive FISA abuse," Trump tweeted. "Will take forever, has no prosecutorial power and already late with reports on Comey etc. Isn't the I.G. an Obama guy? Why not use Justice Department lawyers? DISGRACEFUL!"

Trump's public shaming is the latest in a long line of attacks against Sessions, whom he has repeatedly criticized for recusing himself from the Justice Department's investigation into Russian election meddling, which is now being led by special counsel Robert Mueller.

The dust-up comes one day after the attorney general announced his department's internal watchdog would look into Trump's claims that Obama administration officials misused their surveillance powers to track his associates following the 2016 presidential race.

Sessions issued a statement following the criticism pledging to carry out his duties as the nation's top law enforcement officer with "integrity and honor."

"We have initiated the appropriate process that will ensure complaints against this Department will be fully and fairly acted upon if necessary," Sessions said in a statement.

"As long as I am the Attorney General, I will continue to discharge my duties with integrity and honor, and this Department will continue to do its work in a fair and impartial manner according to the law and Constitution," he added.


 

--RUSSIA-LINKED GROUP BEHIND NEW ATTACKS: Security experts say that a hacking group widely believed to be linked to the Russian government has been executing cyberattacks against diplomats in North America and Europe.

Cyber firm Palo Alto Networks said Wednesday that Sofacy, commonly known as "Fancy Bear" and "APT28," is behind a spear phishing attack that has targeted foreign affairs agencies and ministries in North America and Europe.

Palo Alto Networks has not linked the group to a particular nation-state. But other security firms like FireEye and CrowdStrike have said it is connected to Russia. The U.S. intelligence community has blamed the hacking group for cyberattacks against top Democratic officials ahead of the 2016 presidential election.

Palo Alto Networks says its research clearly shows that Sofacy carried out this latest attack with the same tools and methods it has used in past attacks. The researchers said that the hackers used a spear phishing email purporting to come from Jane's 360, a British publishing company that specializes in military and aerospace topics. The email says it contains a schedule of events, which is actually a malicious document attachment.

"They continue to be persistent in their attack campaigns and continue to use similar tooling as in the past," the blog post says of Sofacy. "This leads us to believe that their attack attempts are likely still succeeding, even with the wealth of threat intelligence available in the public domain."

Meanwhile, Germany disclosed that its security services discovered that Sofacy infiltrated its Foreign and Defense ministries in December, according to media reports that emerged Wednesday. Germany reportedly said the cyberattack likely unfolded as a result of malware.


 
 
 
 

A LEGISLATIVE UPDATE: 

The Senate Energy and Natural Resources Committee will hold a hearing Thursday morning on the cybersecurity of U.S. energy infrastructure.

The hearing will feature testimony from government officials as well as private sector representatives, and will aim to assess "private sector and government challenges and opportunities to promote the cybersecurity and resiliency of our nation's critical energy infrastructure," according to the committee.

The witness list includes Bruce Walker, an assistant secretary in the Energy Department's Office of Electricity Delivery and Energy Reliability, as well as Robert Lee, chief executive officer at Dragos, an industrial network cybersecurity firm.

 

A REPORT IN FOCUS: 

IRANIAN HACKING GROUP EXPANDS OPERATIONS: An Iranian hacking group has expanded its international operations and tool kit to carry out attacks, according to new research, a sign of its growing ambitions and capabilities.

Over the past year, the Iran-based hacker group dubbed "Chafer" has moved from focusing its surveillance operations on domestic targets to those located in other countries in the Middle East, according to new research published by Symantec.

Symantec first identified the group in 2015, though they believe Chafer's activity dates back to at least July 2014.

"It shows that Chafer in the years of existence has expanded their own mandate," Vikram Thakur, Symantec's security response technical director, told The Hill. "We don't think that Chafer is going to be ceasing their operations or attacks anytime soon."

Chafer has orchestrated attacks against organizations located in Israel, Jordan, the United Arab Emirates, Saudi Arabia and Turkey. The group began using seven new tools and targeting nine new organizations in its operations in 2017, according to the research published late Tuesday. Symantec also said it observed evidence of the hackers attempting to attack an airline in Africa and an international travel reservations firm last year.

Chafer's targets span a number of sectors, including aircraft services, IT companies, telecoms providers and engineering consultancies.

While researchers have no definitive evidence linking the group to Iran's government, Thakur observed that the information they are targeting in spy operations -- such as airline manifests -- would be more valuable to the public sector than the private sector.

"The information they're seeking is more likely to be usable by the government," Thakur said. "Whether they are working on behalf of the government or they're doing it on their own accord with plans to sell the information to a third party, we have no idea."

Symantec has not yet tracked Chafer operations against organizations in the United States, but Thakur said that the group could look to target organizations in western countries in the future.


 

A LIGHTER CLICK: 

Will A.I. soon be pouring your morning cup of coffee? It's possible.

(Technology Review)

 

WHAT'S IN THE SPOTLIGHT: 

THE VA: The alleged hacking of a former top aide at the Department of Veterans Affairs (VA) was unrelated to the travel scandal she was embroiled in and was limited to "relatively unsophisticated 'spoofing,'" according to a government watchdog.

At issue is the VA inspector general's allegation that Vivieca Wright Simpson, who has since resigned as chief of staff, doctored an email in order to gain approval to use taxpayer dollars to pay for VA Secretary David Shulkin's wife to accompany him on a trip to Europe.

Shulkin has said Wright Simpson showed him evidence backing up her denial that she sent the email in question and has suggested the email was sent by hackers looking to undermine him.

In a letter released Wednesday by the top Democrat on the House Veterans' Affairs Committee, the VA's Office of Inspector General (OIG) says it secured Wright Simpson's VA-issued computers and mobile devices in consultation with the FBI and Department of Justice (DOJ), but that it does not believe a forensic analysis is warranted.

"In the nearly two weeks since the release of our report, the nature of the alleged compromise of Ms. Wright Simpson's VA email account has become clearer," Inspector General Michael Missal wrote in the letter. "The OIG now believes that the allegations of 'hacking' are limited to unrelated and relatively unsophisticated 'spoofing' of Ms. Wright Simpson's identity through messages sent from an external, non-VA email address."

The evidence Wright Simpson showed Shulkin was an email sent Feb. 14 to a VA finance employee seeking to obtain payment on a purchase order, Missal said. The email was marked "external" and was sent from a comcast.net email address using "Vivieca Wright Simpson" as the display name.

"Given the 'external' markings and the comcast.net email domain, it is obvious from the face of the 'Vivieca Wright Simpson' email that it did not originate from the VA email system," Missal wrote.

The VA's information technology (IT) staff also told the inspector general that it has no evidence Wright Simpson's actual VA email account was compromised, Missal said.

IT staffers have, however, identified a phishing attack where a VA employee is impersonated in order to get another employee to reveal private information or to get a fraudulent payment.

"VA IT staff appear to be keeping VA employees informed and advised of actions they should take in response to such efforts," Missal wrote. "We will continue to work with the department to monitor the alleged phishing/spoofing and stand ready to investigate all credible allegations of email and computer hacking or other violations at VA if additional evidence is developed."

Shulkin told the inspector general he "did not mean to imply" to reporters that Wright Simpson's VA account was hacked.


 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Armed Services chairman on Russian meddling: 'There has to be a price to be paid.' (The Hill)

Hope Hicks is resigning from the White House, one day after meeting with the House Intelligence Committee. (The Hill)

Manafort trial date set for Sept. 17. (The Hill)

State Dept. expects Kushner to continue work on Middle East peace initiatives despite loss of top-secret security clearance. (The Hill)

Special Counsel Robert Mueller has started asking about hacked Democratic emails. (NBC)

Data from Capital One was left exposed on an Amazon server. (Gizmodo)

A new smartphone features a wallet for cryptocurrency. (NextGov)
