Microsoft says Russian hackers continue targeting 2018 midterm elections

Microsoft has spotted a new hacking campaign targeting 2018 midterm elections, the experts attributed the attacks to Russia-linked APT28 group.

Microsoft has spotted a new hacking campaign targeting 2018 midterm elections.

The tech giant attributed to Russia-linked APT28 a series of cyber attacks aimed at Members of United States’ Senate, conservative organizations and think tanks.

According to Microsoft, the Russian cyberspies created at least six fake websites related to US Senate and conservative organizations to infect the visitors’ systems.

The remaining websites were designed to mimic two U.S. conservative think tanks:

1. The Hudson Institute — a conservative Washington think tank.
2. The International Republican Institute (IRI) — a nonprofit group that promotes democracy worldwide and whose board includes prominent Republican figures like Sen. John McCain.

The fake sites were created over the past several months, hackers registered them with major web-hosting companies.

Microsoft did not provide further details on the attacks.

“One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including six Republican senators and a leading senatorial candidate. Another is similar to the domain used by the Hudson Institute, which hosts prominent discussions on topics including cybersecurity, among other important activities. Other domains appear to reference the U.S. Senate but are not specific to particular offices.”  reads the post published by Microsoft.

“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”

Microsoft’s Digital Crimes Unit shut down the fake websites with a court approval received last year and notified targeted organizations.

At the time it is not possible to say if the fake attacks allowed the cyberspies to compromise the visitors’ machines, Microsoft’s post doesn’t mention any sinkhole investigation conducted by its experts.

Microsoft shut down dozens of other fake websites since 2016 after it has obtained the authorization from the authorities.

The discovery made by Microsoft is part of the Microsoft’s Defending Democracy Program launched in April that is focused on four priorities: protecting campaigns from hacking, protecting voting and the electoral process, increasing political advertising transparency, and defending against disinformation campaigns.

Microsoft announced also its initiative AccountGuard that provides the following services to organizational and personal email accounts:

1. Threat notification across accounts. The Microsoft Threat Intelligence Center will enable Microsoft to detect and provide notification of attacks in a unified way across both organizational and personal email systems. For political campaigns and other eligible organizations, when an attack is identified, this will provide a more comprehensive view of attacks against campaign staff. When verifiable threats are detected, Microsoft will provide personal and expedited recommendations to campaigns and campaign staff to secure their systems.
2. Security guidance and ongoing education. Officials, campaigns and related political organizations will receive guidance to help make their networks and email systems more secure. This can include applying multi-factor authentication, installing the latest security updates and guidance for setting up systems that ensure only those people who need data and documents can access them. AccountGuard will provide updated briefings and training to address evolving cyberattack trends.
3. Early adopter opportunities. Microsoft will provide preview releases of new security features on a par with the services offered to our large corporate and government account customers.

Share On