Russians targeted Senate and conservative think tanks, Microsoft says

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think...

Posted: Aug 22, 2018 6:26 PM
Updated: Aug 22, 2018 6:26 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

Companies

Continents and regions

Eastern Europe

Elections (by type)

Elections and campaigns

Europe

Government and public administration

Microsoft

Political candidates

Politics

Primaries and caucuses

Russia

Conservatism

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Digital security

Government bodies and offices

Government departments and authorities

Government organizations - US

Intelligence services

International relations and national security

National security

Society

Technology

US Congress

US Senate

2016 Presidential election

Business and industry sectors

Business, economy and trade

Conservative media

Investigations

Media bias

Media content

Media industry

North America

Political Figures - US

Robert Mueller

Russia meddling investigation

The Americas

United States

US Federal elections

US Presidential elections

Donald Trump

Computer science and information technology

Internet and WWW

Internet software and applications

Software and applications

Websites and portals

Democracy

Forms of government

Hillary Clinton

Political organizations

US Democratic Party

US political parties

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of its company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts and focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes on the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

"This apparent spearphishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights," Daniel Twining, IRI's president, said in a statement Tuesday morning. "It is clearly designed to sow confusion, conflict and fear among those who criticize (Russian President Vladimir Putin's) authoritarian regime."

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

But the President's own Director of National Intelligence, Dan Coats, delivered a speech at the Hudson Institute last month, in which he called Russia "the most aggressive foreign actor" participating in efforts to undermine American democracy.

Also last month, the Justice Department announced indictments against 12 members of the GRU, as part of Mueller's investigation, for allegedly disseminating information it had stolen from the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The indictment laid bare how two units of the GRU had been allegedly responsible for the intrusions, putting names to a group that had only been known under monikers like Fancy Bear and APT28.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.

Terre Haute
Clear
69° wxIcon
Hi: 93° Lo: 72°
Feels Like: 69°
Robinson
Overcast
65° wxIcon
Hi: 91° Lo: 70°
Feels Like: 65°
Indianapolis
Few Clouds
72° wxIcon
Hi: 93° Lo: 73°
Feels Like: 72°
Rockville
Clear
65° wxIcon
Hi: 92° Lo: 71°
Feels Like: 65°
Casey
Clear
72° wxIcon
Hi: 91° Lo: 71°
Feels Like: 72°
Brazil
Clear
69° wxIcon
Hi: 93° Lo: 72°
Feels Like: 69°
Marshall
Clear
69° wxIcon
Hi: 91° Lo: 71°
Feels Like: 69°
No Change
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 150554

Reported Deaths: 7309
CountyConfirmedDeaths
Cook934964664
Lake10104427
DuPage9454480
Kane7949280
Will7061322
Winnebago3131101
McHenry2179100
St. Clair2089143
Kankakee133565
Unassigned1170210
Rock Island109430
Madison107770
Kendall101122
Champaign99217
Boone62321
DeKalb59520
Peoria58329
Sangamon47333
Jackson34319
McLean29214
Randolph2917
Stephenson2806
Ogle2794
Clinton24417
Macon24122
LaSalle23717
Whiteside19915
Union19519
Grundy1855
Coles18417
Iroquois1685
Tazewell1588
Knox1490
Warren1470
Monroe14113
Adams1391
Cass1367
Williamson1344
Morgan1323
Jefferson11117
Lee1042
McDonough10415
Henry1031
Vermilion822
Pulaski790
Marion730
Macoupin613
Montgomery591
Perry591
Douglas540
Livingston532
Jo Daviess491
Christian474
Jasper477
Ford411
Woodford392
Jersey371
Franklin360
Bureau312
Menard260
Mercer250
Washington250
Cumberland240
Fayette243
Mason230
Wabash230
Alexander220
Carroll212
Johnson210
Piatt200
Effingham191
Hancock191
Moultrie190
Shelby191
Clark180
Crawford180
Logan180
Bond171
De Witt160
Edgar160
Fulton160
Massac150
Wayne151
Schuyler130
Marshall120
Brown100
Saline100
White90
Greene80
Henderson80
Lawrence80
Richland70
Hamilton60
Stark60
Pike50
Gallatin40
Clay20
Edwards20
Calhoun10
Hardin10
Out of IL10
Pope10
Putnam10
Scott10

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 49063

Reported Deaths: 2732
CountyConfirmedDeaths
Marion11760689
Lake5276246
Elkhart340255
Allen2835133
St. Joseph200169
Cass16429
Hamilton1608101
Hendricks1425100
Johnson1296118
Porter76738
Tippecanoe7359
Clark66844
Madison66764
Bartholomew59145
Vanderburgh5876
LaPorte58326
Howard58058
Kosciusko5624
Marshall5016
Noble48528
LaGrange4779
Jackson4733
Boone45443
Delaware45252
Hancock45236
Shelby43125
Floyd38444
Morgan32731
Monroe30928
Montgomery29720
Grant29626
Clinton2902
Dubois2886
Henry28216
White26610
Decatur25432
Lawrence24825
Dearborn23823
Vigo2388
Warrick22729
Harrison21622
Greene19032
Miami1862
Jennings17712
Putnam1708
DeKalb1634
Scott1628
Daviess14817
Wayne1436
Orange13623
Perry1359
Steuben1302
Franklin1268
Ripley1247
Jasper1232
Wabash1142
Carroll1102
Fayette1037
Newton9910
Gibson982
Whitley975
Starke943
Randolph804
Huntington782
Jefferson762
Wells751
Fulton721
Jay680
Washington671
Pulaski661
Knox640
Clay604
Rush583
Owen501
Adams491
Benton480
Posey450
Sullivan451
Spencer441
Brown421
Blackford392
Crawford320
Fountain322
Tipton311
Switzerland280
Parke240
Martin220
Ohio180
Vermillion140
Warren141
Union130
Pike110
Unassigned0193