Microsoft Says Russian Operation Targeted U.S. Political Groups As Midterms Loom
Microsoft said it has identified several domain names that had been created by Russian hacking groups to launch phishing attacks and has removed their access controls.
The group known as Strontium (also known as Fancy Bear or APT28) has links with the Russian government, and the attacks were designed to steal user information from conservative groups that promote democracy and advocate for cyber security.
“Broadening cyber threats to both US political parties make clear that the tech sector will need to do more to help protect the democratic process,” said Microsoft president Brad Smith in a blog post.
“Last week, Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government.
“We have now used this approach 12 times in two years to shut down 84 fake web sites associated with this group.
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week’s order fit this description.”
The attackers created web sites to mimic three US Senate web sites, along with Microsoft’s Office 365 web site and the sites of the International Republican Institute and the Hudson Institute.
Microsoft’s announcement comes amid increasing cyber-tensions between Moscow and Washington and rising concerns regarding security ahead of the 2018 mid-term elections in the United States.
A federal grand jury in the US indicted 12 Russian intelligence officers earlier in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.
Microsoft said it is expanding its ‘Defending Democracy Programme’, which will provide free state-of-the-art cyber-security protection to all political candidates and campaign offices at the federal, state and local level, in addition to think tanks and political organisations that it believes are under attack.
While the protection technology is free, candidates and organisations need to be using Microsoft’s premium Office 365 suite to take advantage of it.
Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether the campaign of Republican candidate Donald Trump colluded with Moscow. Russia denies meddling in the elections while President Trump has denied any collusion.
“They are pursuing attacks that they perceive in their own national self-interest,” Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, told the New York Times on Monday. “It’s about disrupting and diminishing any group that challenges how Putin’s Russia is operating at home and around the world.”