The group associated with the Russian government that attempted to influence the 2016 elections is now targeting conservative organizations ahead of the 2018 mid-term elections.
Microsoft said it located and shut down six internet domains created by a group associated with the Russian government known as Strontium, aka Fancy Bear or APT28. The sites were meant to mimic organizations such as the Hudson Institute and the International Republican Institute as well as sites related to the U.S. Senate. The pages aimed to convince users to click through links that would cause them to surrender their passwords to hackers.
Microsoft President Brad Smith noted in a blog post that these sites represent new ground for Russian hackers. The attacks are impersonating conservative think tanks that want to up sanctions against Russia and expose oligarchs, among other goals.
“Importantly, these domains show a broadening of entities targeted by Strontium’s activities. One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including six Republican senators and a leading senatorial candidate. Another is similar to the domain used by the Hudson Institute, which hosts prominent discussions on topics including cybersecurity, among other important activities. Other domains appear to reference the U.S. Senate but are not specific to particular offices. To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”
Microsoft has been tangling with Fancy Bear for some time, and the company says it has shut down 84 websites associated with the group over the last two years. Microsoft observed that this activity is similar to attempts to sway elections in the U.S. in 2016 and France in 2017, and the company believes organizations on both sides of the aisle will be targeted.
“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Smith wrote. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”
Microsoft is ramping up for even more attacks as the November mid-terms approach. As a result, the tech giant is offering a new product to help political candidates and organizations fight off threats.
The tech giant has recently stepped up its cybersecurity efforts. In April, Microsoft pledged to spend $1 billion a year on cybersecurity research and development, and the company employs more than 3,500 security professionals working to solve problems.
Smith has called cybersecurity the “new battlefield,” not just as it relates to elections but also in widespread events like the devastating 2017 WannaCry attack, which exploited a Windows vulnerability. Smith has repeatedly called for a “new digital Geneva Convention” to help tech companies and governments come together to protect people from cyber attacks.