Microsoft Announces More Attacks From Russian Hackers

Microsoft has announced that a hacking group tied to the Russian government created fake internet domains ahead of this year’s midterm elections.

According to the Washington Post:

A group affiliated with the Russian government created phony versions of six websites — including some related to public policy and to the U.S. Senate — with the apparent goal of hacking into the computers of people who were tricked into visiting.”

The fake websites appeared to copy two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the U.S. Senate.

Microsoft didn’t offer any further description of the fake sites but did say it had discovered and disabled them.

The unsettling discovery of new Russian hacking in the U.S. came a few weeks after Microsoft discovered hacking of the computer systems of Sen. Claire McCaskill, a Missouri Democrat who is running for re-election. They were able to prove that Russian hackers tried without success to penetrate the computer network of her Senate office.

The hacking effort was led by the notorious APT28 hacking group which actively interfered in the 2016 presidential election. They have been publicly connected to a Russian intelligence agency.

U.S. intelligence officials said the group’s efforts were focused on helping to elect Republican Donald Trump to the presidency by harming Hillary Clinton and creating social discord.

Brad Smith, Microsoft’s president and chief legal officer, said that the current hacking by Russia is not focused on helping any one candidate or political party. Instead, he said, “this activity is most fundamentally focused on disrupting democracy.”

Smith said there is no sign the hackers were successful in persuading anyone to click on the fake websites. If they had clicked on them, they would have been exposed to computer infiltration, hidden surveillance and data theft.

Both conservative think tanks said they have been on the lookout for “spear-phishing” email attacks which are used to invade computer networks. They said that authoritarian governments from around the world have targeted them because their global pro-democracy work.

“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”

Microsoft calls the Russian hacking group Strontium but other names for it are Fancy Bear and APT28.

Robert Mueller has connected the group to Russia’s intelligence agency, the GRU, and and said they were responsible for the 2016 email hacking of both the Democratic National Committee and the campaign of Hillary Clinton.

“We have no doubt in our minds” who is responsible, Smith said.

Microsoft sued Strontium in a Virginia federal court in 2016. They got court approval last year to seize some phony domains created by the group. So far it has used the courts to close down 84 fake websites they created.

Microsoft also announced that they are going to offer free cybersecurity protection to all U.S. political candidates, campaigns and other political organizations. The only condition is that they  must be already using Microsoft’s Office 365 productivity software. Facebook and Google have also announced that they are offering similar tools to fight hacking and campaign interference by outside groups intent on doing harm to America’s elections.