A group affiliated with the Russian government created phony versions of six websites — including some related to public policy and to the U.S. Senate — with the apparent goal of hacking into the computers of people who were tricked into visiting, according to Microsoft, which said Monday night that it discovered and disabled the fake sites.
The effort by the notorious APT28 hacking group, which has been publicly linked to a Russian intelligence agency and actively interfered in the 2016 presidential election, underscores the aggressive role Russian operatives are playing ahead of the midterm congressional elections in the United States. U.S. officials have repeatedly warned that the November vote is a major focus for interference efforts. Microsoft said the sites were created over the past several months, and that the company was able to catch them early, as they were being set up. It did not go into more specifics.
New Russian Hacking Targeted Republican Groups, Microsoft Says
The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights.
In a report scheduled for release on Tuesday, Microsoft Corporation said that it detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the G.R.U. The sites appeared meant to trick people into thinking they were clicking through links managed by the Hudson Institute and the International Republican Institute, but were secretly redirected to web pages created by the hackers to steal passwords and other credentials.
Microsoft also found websites imitating the United States Senate, but not specific Senate offices or political campaigns.
Russian hackers targeting more US political groups, Microsoft says [AP]
Microsoft says it has uncovered new Russian hacking attempts targeting US political groups before the midterm elections. The company said a group linked to the Russian government created fake internet domains that appeared to spoof two US conservative organisations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the Senate.
We are taking new steps against broadening threats to democracy by Brad Smith – President
It’s clear that democracies around the world are under attack. Foreign entities are launching cyber strikes to disrupt elections and sow discord. Unfortunately, the internet has become an avenue for some governments to steal and leak information, spread disinformation, and probe and potentially attempt to tamper with voting systems. We saw this during the United States general election in 2016, last May during the French presidential election, and now in a broadening way as Americans are preparing for the November midterm elections.
Broadening cyberthreats to both U.S. political parties make clear that the tech sector will need to do more to help protect the democratic process. Last week, Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28. We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week’s order fit this description.