RUSSIAN government-aligned hackers who penetrated the Democratic Party in the US have spent the past few months laying the groundwork for an espionage campaign against the Senate, according to a cybersecurity investigation.

The revelation suggests the group, often nicknamed Fancy Bear, whose hacking campaign scrambled the 2016 US electoral contest, is trying to gather the emails of America’s political elite.

“They’re still very active - in making preparations at least - to influence public opinion again,” said Feike Hacquebord, a security researcher at Trend Micro, which published the report. “They are looking for information they might leak later.”

The Senate Sergeant at Arms office, which manages upper house security, declined to comment.

Like many cybersecurity companies, Trend Micro refuses to speculate publicly on who controls groups such as Fancy Bear, stating only that they have “Russia-related interests”.

But the US intelligence community alleges that Moscow’s military intelligence direct the hackers and a month-long Associated Press investigation into the hacking cell has determined that they are closely attuned to the Kremlin’s objectives.

Hacquebord’s report is based on the discovery of a clutch of suspicious-looking websites resembling the Senate’s internal email system. He then cross-referenced digital fingerprints associated with those sites to ones used almost exclusively by Fancy Bear, which his Tokyo-based firm dubs “Pawn Storm”.

Trend Micro previously drew international attention when it used the technique to uncover decoy websites apparently set up to harvest emails from Emmanuel Macron’s French presidential campaign last April.

The discovery was followed two months later by a still-unexplained publication of private emails from several Macron staffers in the final days of the race.

Hacquebord said the rogue Senate sites - set up in June and September 2017 - matched their French counterparts. “That is exactly the way they attacked the Macron campaign in France,” he explained.

Attribution is extremely tricky in the world of cybersecurity, where hackers routinely use misdirection and red herrings to fool their adversaries, but Tend Micro, which has followed Fancy Bear for years, said there could be no doubt.

“We are 100% sure that it can be attributed to the Pawn Storm group,” said Rik Ferguson, one of Trend Micro’s security researchers.

Fancy Bear’s alleged cyber attack on the Senate over the past few months would not be the first instance. An AP investigation found that several Senate staff were targeted between 2015 and 2016, including Marco Rubio and national security adviser Robert Zarate.

Fancy Bear’s now seems to have the Olympics on its radar. Trend Micro’s report alleges the group was going after emails from Olympic winter sports organisations, including international federations for ice hockey, luge and biathlon.

The targeting of Olympic groups comes as relations between Russia and the International Olympic Committee are particularly fraught.

Russian athletes are being forced to compete under a neutral flag in the upcoming Pyeongchang Olympics following an extraordinary doping scandal that has seen 43 athletes and several Russian officials banned for life.

Amid speculation that Russia could retaliate by orchestrating the leak of prominent Olympic officials’ emails, cybersecurity firms including McAfee and ThreatConnect have tracked signs that state-backed hackers are making moves against winter sports staff and anti-doping officials.