Microsoft Seizes Domains Imitating Right-Wing Groups Controlled by Kremlin Hackers

Last week, Microsoft took control of six internet domains allegedly being used by Russian hackers, the company said. The domains included one website apparently created to mimic an organization led by six Republican senators, the International Republican Institute, on whose board also sits Senate hopeful Mitt Romney.

The six domains, Microsoft said, are among 84 fake websites shut down by the company over the past two years believed to have been created by Russian government-sponsored hackers. The company said it remains concerned by Moscow’s continuing efforts to target elected officials and politicians spanning the political spectrum, and compared the hacking group’s efforts to the type of activity witnessed during the 2016 U.S. election and the 2017 election in France. Officials in Russia have characterized the “claims as unfounded,” the Associated Press reports.

A second domain seized by Microsoft last week was intended to spoof the Hudson Institute, a politically conservative think tank based in Washington D.C., the company said.

“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Microsoft said. “The sites involved in last week’s order fit this description.”

The domains were disrupted and transferred to Microsoft’s control by its Digital Crimes Unit after it obtained a court order, the company said.

The seized domains were identified by Microsoft as: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email, office365-onedrive.com.

However, Microsoft’s blog post on the matter states that it has “no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”

The hacking group behind the fake websites is identified as an advanced persistent threat known to Microsoft as Strontium. The group is also known as Fancy Bear, APT 28, and Pawn Storm, among other monikers.

In an interview with AP, Microsoft’s president and chief legal officer, Brad Smith, said the aim of Strontium’s activity appears to be “disrupting democracy” more than helping one party over another.

U.S. intelligence has asserted with high confidence that Strontium, which operates on behalf of Russia’s Main Directorate, an intelligence agency formerly known as the GRU, is responsible for hacking the Democratic Party and Clinton campaign in 2016.

President Donald Trump has repeatedly cast doubt on Russia’s involvement in the 2016 attacks.

In an email to Gizmodo, Microsoft said it is now announcing a new service, AccountGuard, which will provide cybersecurity protection at no extra cost to all candidates and campaign offices, as well as other political organizations. Initially, the threat-detection services will only be available for Microsoft products, such as Office 365, Outlook, and Hotmail.

“To be successful in defending democracy, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways,” said Microsoft VP Tom Burt.

[Associated Press]

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846
