Microsoft has taken over control of six internet phishing domains created by a group associated with the Russian government that is targeting US organisations.
The cyberattack group known as Fancy Bear, Strontium or APT28 is considered part of a Russian intelligence operation that targets the US Senate and think tanks that argue for policies against Russia.
According to cybersecurity firms, Fancy Bear was also behind the 2016 hack of the Democratic Party’s governing body, which, it is claimed, helped facilitate Donald Trump’s presidential victory.
Internet phishing domains attack US democracy
Trump continues to deny or downplay Russia’s involvement and interference in US politics, in contradiction with the intelligence community.
Priscilla Moriuchi, director of strategic threat development at Recorded Future, said: “It is a mistake to believe that the Russian government is a partisan political actor; it is not. Vladimir Putin uses cyber operations to promote those who support his political agenda and undermine those who do not. This includes people and organisations on both sides of the political aisle.”
Microsoft said the domains were posing as company services for US political organisations, which include the Hudson Institute and International Republican Institute, with domain names designed to resemble sites used by congressional staff, including “senate.group” and “adfs-senate.email”.
Hackers could have used the domains to send emails to Senate staffers or people working in related organisations, tricking them into handing over sensitive information.
Kremlin denies Russian cyberattacks
Dan Arenson, a senior analyst at Falanx Group, said: “The Kremlin has particularly sought to discredit anti-Trump groups, including within the Republican Party.”
Russian hacking groups are thought to target conservative as well as liberal groups in the US, to make it harder for investigators to hold one particular country or organisation responsible.
The Kremlin denied the attacks. A spokesman said: “We don’t know which hackers they are talking about, we don’t know what is meant about the impact on elections.”
Microsoft take action ahead of mid-terms
Further cyberattacks are expected ahead of the mid-term elections in the USA, with the intention of damaging confidence in the democratic process, and weakening electoral prospects for Trump’s opponents, who tend to be more supportive of sanctions on Russia.
Microsoft said it would be launching a specialised cybersecurity protection service called AccountGuard, because of threats to political groups in the US.
Brad Smith, President at Microsoft, said: “It’s clear that democracies around the world are under attack. Foreign entities are launching cyber strikes to disrupt elections and sow discord. Unfortunately, the internet has become an avenue for some governments to steal and leak information.”