Microsoft alleges more Russian attacks ahead of midterm elections

It shut down sites created by hackers believed to have ties to Moscow.

August 21, 2018, 7:51 AM

Microsoft has thwarted newly attempted cyberattacks by Russian hackers targeting U.S. political campaigns before the midterm elections, the company alleged Monday.

The tech behemoth’s Digital Crimes Unit acted on a court order last week, shutting down six fake internet domains operated by hackers associated with the Russian government, the Redmond, Washington-company said in a blog post late Monday.

“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week’s order fit this description,” Microsoft president Brad Smith wrote. “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”

The six domains are among the 84 fake websites Microsoft has shuttered in the past two years associated with a group of hackers that goes by the name Strontium, Fancy Bear and/or APT28, which is associated with the Russian government, the company said.

The news came less than a month after Microsoft disclosed failed phishing attacks targeting three undisclosed candidates in this year's midterm elections. It did not say who it believed was behind those attacks.

The fake websites in the most recent attempts appeared to mimic domains associated with the conservative nonprofits Hudson Institute and International Republican Institute. The latter has six Republican senators and at least one leading senatorial candidate on its board, according to Microsoft.

The other domains seemed to reference the U.S. Senate but they were not specific to any particular offices, according to the Microsoft president.

“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Smith said. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”

Jan Surotchak, Europe regional director for the International Republican Institute, blamed the Russian Federation. Russia has repeatedly denied such accusations.

“Moscow is actively trying to sway public opinion throughout Europe as a way to expand its military and political clout,” Surotchak said in a statement Tuesday morning. “It’s not just in places like eastern Ukraine. It’s in places we once believed were firmly in the democratic camp, such as Visegrad, the Baltic States, and much of the Balkans. IRI is one of the few organizations in a position to quickly and effectively counteract this misinformation.”

The Hudson Institute did not immediately respond to ABC News’ request for comment. Microsoft said it was in contact with both organizations after the apparent hacking attempts.

Microsoft said there was no evidence to suggest that the fake “domains were used in any successful attacks.”

Microsoft also announced a new initiative, AccountGuard, to help political candidates combat hacking attempts. The added protection is free for all political candidates, campaign offices, think tanks and political organizations which “we now believe are under attack,” according to Microsoft.

Related Topics