Microsoft announced on Monday that they seized websites created by Russian hackers targeting two right-wing U.S. think-tanks, indicating they were broadening their attacks in the build-up to November elections.
Microsoft said it prevented the attempts last week when they took control of sites that the hackers had designed to imitate the pages of The International Republican Institute and The Hudson Institute, think tanks that have disagreed with President Trump on ending Russian sanctions.
Once redirected, users were asked to enter their usernames and passwords.
Fox News reports:
Three other fake domains were designed to look as if they belonged to the U.S. Senate.
“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU [Digital Crime Unit] transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” Microsoft said on the blog.
Microsoft called the hacking group Strontium; others call it Fancy Bear or APT28. The special counsel Robert Mueller indictment has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“The Russians are seeking to disrupt and divide,” Brad Smith, Microsoft’s president said, according to the paper. “There is an asymmetric risk here for democratic societies. The kind of attacks we see from authoritarian regimes like Russia are seeking to fracture and splinter groups in our society.”
The Washington Post reported that there were phony versions of six websites.
Smith said there is no sign the hackers were successful in persuading anyone to click on the fake websites, which could have exposed a target victim to computer infiltration, hidden surveillance and data theft.
Both conservative think tanks said they have tried to be vigilant about “spear-phishing” email attacks because their global pro-democracy work has frequently drawn the ire of authoritarian governments.
“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”
Microsoft calls the hacking group Strontium; others call it Fancy Bear or APT28. An indictment from U.S. special counsel Robert Mueller has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“We have no doubt in our minds” who is responsible, Smith said.
In July, Facebook found a “sophisticated effort” to disrupt U.S. politics in advance of the midterm elections, which may have been linked to Russia, and closed down 32 accounts or pages that were fake.