Microsoft Corp. has detected and seized web domains created by cyber-attackers linked to the Russian military, in a potential attempt to manipulate and disrupt the U.S. midterm elections.
The shadowy group, known as Strontium, created domains that mimicked organizations such as the International Republican Institute and Hudson Institute so intended victims would believe they were receiving emails or visiting real sites, Microsoft President Brad Smith said in a blog post.
Microsoft said it’s sifting through evidence of the group’s intentions after getting a court order to take over those domains, effectively disrupting the hacking campaign.
The two targeted institutions are conservative bastions, which at times have been at odds with Russia or President Donald Trump.
Russia rejected Microsoft’s accusations that it was attempting to influence upcoming U.S. elections, which will determine control of Congress, Interfax reported Tuesday, citing an unidentified diplomatic official.
“Microsoft is playing political games,” Interfax cited the source as saying. “The (midterm) elections have not happened yet, but there are already allegations.”
Russia is accused of trying to sway the vote in 2016 through disinformation campaigns and targeted hacking, setting in motion a fiery dispute between Trump and Democrats. Even before Microsoft’s warning, top U.S. national security officials had sounded the alarm about further meddling in the midterm elections. At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage two years ago.
“Unfortunately, the internet has become an avenue for some governments to steal and leak information, spread disinformation, and probe and potentially attempt to tamper with voting systems,” Smith said in the blog post. “These domains show a broadening of entities targeted by Strontium’s activities.”
Would-be hackers set up legitimate-sounding websites and domains from which emails can be sent, for example in a phishing attack. Microsoft said it’s found no evidence so far that the half-dozen domains in the latest case were employed in successful attacks, nor any indication of who the intended targets may have been. It said it’s notified and is working with the affected organizations.
The Hudson Institute has been critical of Russia in the past, while the International Republican Institute promotes democracy around the world and counts six Republican senators as well as a leading candidate among its directors, Microsoft said.
Those include Sen. John McCain — one of Trump’s most vocal critics in Congress — and former presidential candidate Mitt Romney. Both have criticized Trump’s interactions with Russia’s Vladimir Putin, particularly around a July summit meeting in Helsinki. In 2016, Russia blacklisted the institute as a threat to its national security.
In the latest example, Strontium also established a trio of domains that carried the “senate” keyword, and one that appeared to be from Microsoft’s own Office365 suite of cloud software. The company said it’s been monitoring domain activity with U.S. Senate IT staff for months, after previously uncovering attempted attacks on the staff of two senators.
International tension over cybersecurity has escalated since the U.S. intelligence community concluded that Russia meddled in the 2016 presidential election with the goal of hurting Democratic candidate Hillary Clinton and helping elect Trump.
Strontium is also known as Fancy Bear or APT28 and has been linked to the Russian government and U.S. political hacks. The group has also been associated with attacks against the White House, NATO, European governments and business concerns.
In 2016, Microsoft attributed more so-called zero-day exploits — attacks taking advantage of security holes unknown to the product’s vendor — to Strontium than any other group it tracks.
“We are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Smith wrote. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”