Russian hackers targeted US Senate and think tanks, says Microsoft

Governments are struggling to deter cyberattacks, which can be launched by anyone, anywhere in the world, explains Steven Ranger, UK Editor-in-Chief for Tech Republic.

Posted: Aug 21, 2018 9:14 PM
Updated: Aug 21, 2018 9:27 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of its company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts and focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes on the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.

Terre Haute
Overcast
35° wxIcon
Hi: 37° Lo: 24°
Feels Like: 26°
Robinson
Overcast
34° wxIcon
Hi: 34° Lo: 22°
Feels Like: 24°
Indianapolis
Overcast
31° wxIcon
Hi: 32° Lo: 26°
Feels Like: 17°
Rockville
Overcast
30° wxIcon
Hi: 35° Lo: 24°
Feels Like: 17°
Casey
Overcast
33° wxIcon
Hi: 34° Lo: 23°
Feels Like: 21°
Brazil
Overcast
35° wxIcon
Hi: 35° Lo: 23°
Feels Like: 26°
Marshall
Overcast
35° wxIcon
Hi: 36° Lo: 23°
Feels Like: 26°
Cloudy, chance of evening showers.
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

Monday Afternoon Weather

Image

All You Need to Know for Monday

Image

Monday: Rain/snow mix, windy, chilly. High: 36°

Image

Sunday Evening Forecast

Image

Scam Alert: Fake vaccine trials

Image

Bridgeton Country Christmas continues

Image

Safety rules in place at local tree farm

Image

Police search for attempted armed robber

Image

$5,000 grant supports trail project

Image

Winter Precipitation Explainer

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 720114

Reported Deaths: 12882
CountyCasesDeaths
Cook3042206595
DuPage45087788
Will38684563
Lake37299631
Kane31767467
Winnebago18948262
Madison14379255
McHenry14269156
St. Clair13410259
Champaign1079858
Sangamon1015799
Peoria9147133
Kankakee8636103
Rock Island8612135
McLean848954
Tazewell6835104
Macon6517132
Kendall626947
LaSalle6108134
DeKalb499047
Adams473548
Vermilion391551
Boone390733
Whiteside3743115
Williamson361083
Clinton330861
Coles329859
Ogle285037
Knox280766
Grundy277618
Effingham277021
Henry270015
Jackson268536
Marion248551
Stephenson246635
Randolph226826
Livingston224527
Macoupin223218
Morgan220936
Bureau211643
Monroe207545
Franklin204825
Lee201034
Christian189443
Jefferson187859
Woodford175827
Fayette170931
Logan170113
Iroquois169326
McDonough158241
Fulton146012
Shelby137426
Douglas135416
Jersey127224
Union118228
Montgomery115519
Crawford112213
Saline111625
Perry110223
Warren109020
Jo Daviess107617
Carroll107024
Lawrence107011
Bond104810
Pike101427
Cass96423
Hancock95612
Wayne90833
Moultrie89810
Clay84020
Greene82831
Edgar80815
Clark79820
Piatt7835
Richland78019
Ford75222
Mercer74510
Mason72120
Johnson7136
Washington7002
Jasper64411
Cumberland61416
White6148
De Witt61317
Massac5993
Wabash5708
Menard4661
Pulaski4132
Marshall4066
Hamilton3873
Brown3224
Henderson2891
Schuyler2711
Stark2683
Alexander2562
Calhoun2470
Putnam2430
Scott2310
Edwards2263
Gallatin1913
Unassigned1850
Hardin1551
Pope1011
Out of IL100

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 333312

Reported Deaths: 5685
CountyCasesDeaths
Marion45371865
Lake28722469
Allen19325304
Elkhart17945235
St. Joseph17599237
Hamilton14061171
Vanderburgh10280127
Tippecanoe920230
Porter873389
Johnson6973170
Hendricks6674158
Vigo637392
Monroe560850
Madison5410122
Clark540478
Delaware5184103
LaPorte492897
Kosciusko480741
Howard379478
Bartholomew347365
Warrick343073
Wayne340985
Floyd334978
Marshall317946
Cass307931
Grant295450
Hancock286957
Noble269347
Henry262837
Boone261955
Dubois249632
Dearborn238231
Jackson235534
Morgan228743
Gibson201229
Shelby199859
Knox196621
DeKalb190234
Clinton189222
Lawrence187949
Wabash181122
Miami176817
Adams176223
Daviess165845
Fayette157634
Steuben156415
Jasper155913
Montgomery154629
Harrison154124
Ripley151521
LaGrange150631
Whitley146815
Huntington140210
Decatur137144
Putnam134828
White134823
Wells134630
Clay132724
Randolph132622
Jefferson131316
Posey127718
Scott118921
Greene109053
Sullivan105016
Jay104414
Jennings97814
Starke96624
Spencer9078
Fulton88619
Perry86421
Fountain8608
Washington8387
Franklin75727
Carroll73713
Orange71828
Vermillion6867
Owen6598
Tipton62727
Parke6226
Rush5918
Newton58812
Blackford57312
Pike54020
Pulaski44215
Benton3843
Martin3826
Brown3705
Crawford3221
Union2862
Switzerland2725
Warren2653
Ohio2437
Unassigned0267