Microsoft: Russia attempted hack of Senate, conservative think tanks
Microsoft on Tuesday announced that it had shut down six websites created by hackers linked to Russia’s military, the latest sign of potential foreign interference ahead of the 2018 midterm elections.
The websites targeted the conservative think tanks the Hudson Institute and the International Republican Institute as well as the U.S. Senate. Microsoft said the Senate domains targeted “are not specific to particular offices” or senators.
Microsoft said the false sites were created by “Fancy Bear,” a group linked to the Russian Intelligence agency GRU that was also behind the hack of the Democratic National Committee (DNC) in 2016.
The domains, Microsoft said, were altered to appear similar to its own services in an attempt to possibly trick U.S. users into providing their personal information to hackers.
The technique, known as spear-phishing, was used successfully by Russian agents during the 2016 election to illegally obtain emails from Hillary Clinton’s campaign for president and the DNC.
Microsoft said a judge in the Eastern District of Virginia last week granted it control of the websites, which could have been used to launch cyberattacks on candidates and other political groups ahead of the midterm elections.
Microsoft President Brad Smith wrote in a blog post that Microsoft currently has “no evidence” that the sites were used to successfully carry out a cyberattack, nor evidence as to who would be the ultimate targets of an attack. He noted that the activity “mirrors the type” that was seen prior to the 2016 election.
“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Smith wrote. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”
Russian officials denied Microsoft’s report in a statement to Interfax, accusing U.S. counterparts of ginning up controversy before the midterm elections.
“Microsoft is playing political games,” a Russian source told InterFax. “The [midterm U.S.] elections have not happened yet, but there are already allegations.”
Smith wrote in his blog post that the company has been in touch with the targeted think tanks and that Microsoft “will continue to work closely with them and other targeted organizations on countering cybersecurity threats to their systems.”
The New York Times noted that both think tanks have done work challenging the Russian government: The International Republican Institute, which was chaired by Sen. John McCain (R-Ariz.) until this year, promotes democracy across the world, while the Hudson Institute has been critical of the Kremlin.
Microsoft also announced that it would be offering a free cybersecurity program to candidates and campaign offices across all levels of government, as well as to “think tanks and political organizations we now believe are under attack.”
Microsoft’s latest revelation comes just one month after the company first said that it identified and helped block hacking attempts on three congressional candidates earlier this year, the first publicly known cyberattacks on candidates in the 2018 midterm elections.
The Daily Beast reported shortly afterward that Sen. Claire McCaskill (Mo.), a vulnerable red-state Democrat, was unsuccessfully targeted by Russian hackers.
Two congressional Democratic candidates in California were also reportedly the target of cyberattacks during their unsuccessful primary bids; it’s unclear who was behind those efforts.
Special counsel Robert Mueller last month indicted 12 Russian military officers in the 2016 hacking of the DNC.
John Bowden contributed to this report, which was updated at 8:20 a.m.