Russian hackers targeting conservative US thinktanks, Microsoft says – By Alex Hern and agencies (theguardian.com) / Aug 21 2018
Firm claims Kremlin-linked group created fake websites for Senate and thinktanks
The hacking attempts mirror those carried out before the 2016 presidential election. Photograph: Zach Gibson/Getty Images
The Russian group linked to the hacking of Hillary Clinton’s presidential election campaign has been launching fresh attacks in the US, including against two conservative thinktanks, in the run-up to the midterm elections.
According to Microsoft, which uncovered the new attempts, the hackers created fake websites that appeared to mimic the Hudson Institute and the International Republican Institute, two rightwing thinktanks broadly allied against Donald Trump. Three other fake domains were designed to look as if they belonged to the Senate.
Microsoft attributed the hacking attacks to a group that it calls Strontium, which is known to other security firms as Fancy Bear and APT28. The group was previously linked to the email hacking of the Democratic National Committee and the Clinton campaign. According to the US special counsel Robert Mueller, Fancy Bear has ties to the Russian intelligence agency, the GRU.
Brad Smith, Microsoft’s president, said: “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
He said the company had shut down 84 fake websites associated with Fancy Bear over the past two years by obtaining court orders to transfer control of the domains. As to where responsibility for the hacking attacks lay, Smith said: “We have no doubt in our minds.”
According to the information shared by Microsoft, the fake websites were intended to mimic the company’s login pages for tools such as email, calendar and document sharing, with web addresses such as “hudsonorg-my-sharepoint.com” and “adfs-senate.email”. An inattentive user who was tricked by such a site may have entered their username and password, allowing an attacker to access their personal data remotely.
The revelation of the new attacks came just weeks after a similar Microsoft discovery led the senator Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.
The hacking attempts mirror similar Russian attacks before the 2016 presidential election, which US intelligence officials have said were focused on helping to get the Republican candidate, Donald Trump, into office by hurting Clinton, his Democratic opponent.
The most recent activity, rather than helping one political party over another, was “most fundamentally focused on disrupting democracy”, Smith said in an interview this week.
He said there was no sign the hackers were successful in persuading anyone to click on the fake websites, which could have exposed a target victim to computer infiltration, hidden surveillance and data theft. Both conservative thinktanks said they had tried to be vigilant about “spear-phishing” email attacks because their pro-democracy work had frequently drawn the ire of authoritarian governments.
“We’re glad that our work is attracting the attention of bad actors,” the Hudson Institute spokesman David Tell said. “It means we’re having an effect, presumably.”
The International Republican Institute is led by a board that includes six Republican senators and the prominent Russia critic and Senate hopeful Mitt Romney, who is running for a Utah seat.
