Microsoft stops Kremlin-based hackers

Microsoft announced parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks were thwarted. CNN's Frederik Pleitgen reports.

Posted: Aug 21, 2018 8:06 PM
Updated: Aug 21, 2018 8:11 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and is directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of its company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts, focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

"This apparent spearphishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights," Daniel Twining, IRI's president, said in a statement Tuesday morning. "It is clearly designed to sow confusion, conflict and fear among those who criticize (Russian President Vladimir Putin's) authoritarian regime."

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

But the President's own Director of National Intelligence, Dan Coats, delivered a speech at the Hudson Institute last month, in which he called Russia "the most aggressive foreign actor" participating in efforts to undermine American democracy.

Also last month, the Justice Department announced indictments against 12 members of the GRU, as part of Mueller's investigation, for allegedly disseminating information it had stolen from the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The indictment laid bare how two units of the GRU had been allegedly responsible for the intrusions, putting names to a group that had only been known under monikers like Fancy Bear and APT28.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.
