Microsoft uncovered and stopped attempts to launch spear-phishing attacks on three 2018 congressional candidates

Microsoft helped the US Government is protecting at least three 2018 midterm election candidates from attacks of Russian cyberspies.

Microsoft revealed that Russian cyberspies attempted to hack at least three 2018 midterm election candidates and it has helped the US government to repeal their attacks.

A Microsoft executive speaking at the Aspen Security Forum revealed the hacking attempts against at least three unnamed congressional candidates, all the attacks were detected this year,

The company executive only added that the three candidates were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”

The hackers sent spear-phishing messages to the candidates, the messages included links to a fake Microsoft website used by the cyberspies to trick victims into providing their credentials.

“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” said Tom Burt, Microsoft’s vice president for customer security.

“And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”

Once Microsoft discovered the phishing website it has taken down it and helped the US government to “avoid anybody being infected by that particular attack.”

Microsoft blamed the Russian APT28 group for the attacks.

We “discovered that the [fake domains] were being registered by an activity group that at Microsoft we call Strontium…that’s known as Fancy Bear or APT 28,” Burt explained.

“The consensus of the threat intelligence community right now is [that] we do not see the same level of activity by the Russian activity groups leading into the mid-year elections that we could see when we look back at them at that 2016 elections,” 

Burt compared the recent activities with the hacking campaign conducted to interfere with the 2016 Presidential election, he pointed out that differently from 2016 campaigns, 2018 attacks do not target think tanks and academic experts that they did during the 2016 presidential election.

“That does not mean we’re not going to see it, there is a lot of time left before the election.” Burt added.