Last week, Microsoft took control of six internet domains allegedly being used by Russian hackers, the company said. The domains included one website apparently created to mimic an organization led by six Republican senators, the International Republican Institute, on whose board also sits Senate hopeful Mitt Romney.
The six domains, Microsoft said, are among 84 fake websites shut down by the company over the past two years believed to have been created by Russian government-sponsored hackers. The company said it remains concerned by Moscow’s continuing efforts to target elected officials and politicians spanning the political spectrum, and compared the hacking group’s efforts to the type of activity witnessed during the 2016 U.S. election and the 2017 election in France. Officials in Russia have characterized the “claims as unfounded,” the Associated Press reports.
A second domain seized by Microsoft last week was intended to spoof the Hudson Institute, a politically conservative think tank based in Washington D.C., the company said.
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Microsoft said. “The sites involved in last week’s order fit this description.”
The domains were disrupted and transferred to Microsoft’s control by its Digital Crimes Unit after obtaining a court order, the company said.
The seized domains were identified by Microsoft as: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email, office365-onedrive.com.
However, Microsoft’s blog post on the matter states that it has “no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”
The hacking group behind the fake websites is identified as an advanced persistent threat known to Microsoft as Strontium. The group is also known as Fancy Bear, APT 28, and Pawn Storm, among other monikers.
In an interview with AP, Microsoft’s president and chief legal officer, Brad Smith, said the aim of Stronium’s activity appears to be “disrupting democracy” more than helping one party over another.
U.S. intelligence has asserted with high confidence that Strontium, which operates on behalf of Russia’s Main Directorate, an intelligence agency formerly known as the GRU, is responsible for hacking the Democratic Party and Clinton campaign in 2016.
President Donald Trump has repeatedly cast doubt on Russia’s involvement in the 2016 attacks.
In an email to Gizmodo, Microsoft said it is now announcing a new service, AccountGuard, which will provide cybersecurity protection at no extra cost to all candidates and campaign offices, as well as other political organizations. Initially, the threat-detection services will only be available for Microsoft products, such as Office 365, Outlook, and Hotmail.
“To be successful in defending democracy, technology companies, government, civil society, the academic community and researchers need to come together and partner in new and meaningful ways,” said Microsoft VP Tom Burt.