Microsoft revealed that at least two conservative think tanks and government sites used by Congressional staff were hacked last week as part of an alleged operation linked to Russian military intelligence.
Reuters reports, based on an early Tuesday morning Microsoft press release:
The software giant said it thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake addresses where they were asked to enter usernames and passwords.
Microsoft specifically identified six fake websites designed to mimic real sites created by a group known as Fancy Bear, identified by cybersecurity firms as a key group behind the alleged 2016 hack of the Democratic National Committee and said to be directed by Russia’s GRU. Microsoft’s statement said it gained control of the sites after it was given a court order.
Microsoft argued in court that the domains were “associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28” — though it cited no evidence that the attacks were ultimately successful, and the company says it’s still working with the targeted organizations to see if any breach was successful.
According to Microsoft the websites may have been used to launch cyberattacks on candidates ahead of November’s midterm elections. “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” the statement said.
The Congressional staff sites targeted included “senate.group” and “adfs-senate.email” — which are frequently used by senatorial staffers, in what Microsoft believes was a deliberate attempt to gain access to Senate emails and documents.
The notable conservative sites that were the subject of the phishing scheme were the Hudson Institute, a conservative think tank with neocon leanings, and the International Republican Institute, whose board includes former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster, as well as six serving senators. The two targeted institutions are conservative bastions, which at times have been at odds with Russia or U.S. President Donald Trump.
The specific form of the attack is commonly known as spear phishing: “Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Microsoft President Brad Smith explained in an official Microsoft blog post.
An official Kremlin response was not immediately forthcoming; however, Russian authorities are expected to address the claims Tuesday. Russia has frequently said that it is seeking to strengthen ties with Washington, not damage relations, in the face of past Russian hacking allegations.
Microsoft has reportedly taken significantly increased measures to defend against foreign state hacking in tandem with the US government and other American entities as part of its “Defending Democracy Program”, which it launched in April, similar to an initiative by social media giant Facebook, which partnered with a NATO-funded group last spring.