Russian hackers target Republican think tanks critical of Moscow, Microsoft says

Image: Getty Images/Cultura RF

Russia’s intelligence agency is ramping up its hacking attempts on U.S. political targets as the Midterm elections get nearer. The hackers’ latest target: conservative think tanks which have broken from President Donald Trump and are seeking continued sanctions against Moscow.

In a report posted on Microsoft’s website by company president Brad Smith, Microsoft announced they had taken control of 6 domains via court order that were being set up by Russian hackers to deploy in a spearphishing attack. The company pointed out that it “currently [has] no evidence these domains were used in any successful attacks.”

A spearphishing attack is carried out when an attacker presents him or herself as a trusted source via email address or spoofed website and uses that cover to pull sensitive information such as an email password from their target. 

The 6 domains seized by Microsoft include my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com.

Some of the hackers’ domains were setup to spoof Microsoft services and generic Congressional staffer websites. However, a few other domains specifically targeted two conservative groups that have been been critical of Russia — Republican think tank Hudson Institute and the International Republican Institute, whose board of directors consist of GOP leaders such as Mitt Romney, Lt. Gen. H.R. McMaster, and a number of sitting U.S. Senators such as John McCain and Alaska Senator Dan Sullivan. Microsoft mentions in its report that it does not “have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”

The domains were all linked to Fancy Bear, the Russian hacking group that was unveiled to be a GRU or Russian intelligence agency operation when special counsel Robert Mueller indicted 12 Russian intelligence officials earlier last month.

Last month at the Aspen Security Forum, Microsoft VP Tom Burt spoke of how Microsoft was able to launched by the Russian intelligence agency against three midterm election candidates.  At the time, Burt did not name the three candidates who were the targets. later discovered a historical archived snapshot of the domain “qov.info,” which was had been seized by Microsoft, displayed the phishing page setup by hackers to target a staffer of Democratic Senator Claire McCaskill, a frequent critic of Russia. 

Microsoft’s ability to put a quick end to all of these hacking attempts is thanks to a federal court injunction, brought upon by the frequency of these phishing attempts, that allows Microsoft to seize the domain name of any website hackers that use a Microsoft trademark.

In addition to the thwarted phishing attempts, Microsoft announced in its post a new cybersecurity service called AccountGuard that they’re rolling out for all political candidates, campaigns, and organizations using Microsoft Office 365. AccountGuard will provide users of Microsoft’s service with threat notifications, security guidance and ongoing cybersecurity education. This is all being launched under Microsoft’s Defending Democracy program that the company launched in an effort to protect political campaigns and the electoral process from hacking.