Microsoft finds new Russian effort to hack US political groups

The attackers created websites to mimic three U.S. Senate websites, Microsoft’s Office 365 website, International Republican Institute sites and the Hudson Institute. (Reuters pic)

HONG KONG: Microsoft Corp. disclosed a new effort by a group of cyber-attackers linked to the Russian government to target American groups, including those affiliated with the Republican Party, ahead of the US midterm elections.

The shadowy group, known as Strontium, created six web domains that mimicked organizations such as the International Republican Institute and were intended to mask attacks, Microsoft President Brad Smith said in a blog post. Microsoft said it’s sifting through evidence of the group’s intentions after applying for and getting a court order to take over those domains, effectively disrupting the hacking campaign.

Russia is accused of trying to sway the vote in 2016 through disinformation campaigns and targeted hacking, as well as the leak of information. But President Donald Trump’s top national security officials are again sounding the alarm ahead of the midterm elections, with control of Congress at stake. At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage in the 2016 campaign.

“Unfortunately, the internet has become an avenue for some governments to steal and leak information, spread disinformation, and probe and potentially attempt to tamper with voting systems,” Smith said in the blog post. “These domains show a broadening of entities targeted by Strontium’s activities.”

Would-be hackers set up legitimate-sounding websites and domains from which emails can be sent, say in a phishing attack. But Microsoft said it has found no evidence so far that the half-dozen domains in the latest case were employed in successful attacks, and no evidence of who any intended targets may have been. It said it has notified and is working with the affected organizations.

Strontium is also known as Fancy Bear or APT28 and has previously been linked to the Russian government and US political hacks. In 2016, Microsoft attributed more so-called zero-day exploits (attacks taking advantage of security holes unknown to the product’s vendor) to Strontium than to any other group it tracks.

“Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,” Smith wrote.