Microsoft disrupted Russian hacking campaign aimed at US midterm elections

Microsoft shut down six websites created by the Russian government-linked hacking group Fancy Bear which were meant to disrupt democracy ahead of the 2018 midterm elections.

While Microsoft refers to the hacking group as Strontium, the hackers associated with the Russian military intelligence service GRU are more widely referred to as Fancy Bear or APT28. The group’s latest thwarted attempt to meddle in U.S. elections involved two websites which targeted conservative think tanks the Hudson Institute and the International Republican Institute, three which were meant to mimic U.S. Senate sites and one of the fake sites spoofed Microsoft’s online products.

After obtaining a court order to disrupt and transfer control of the six domains, Microsoft’s Digital Crimes Unit seized the following six sites which the Russian hacking group intended to use for cyberattacks: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com.

Microsoft’s president and chief legal officer Brad Smith wrote, “We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit.”

Although Microsoft brought down the hammer on this spear phishing campaign, the company said it had “no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”

Smith said Microsoft is “concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States. Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”

Microsoft expands Defending Democracy Program and launches AccountGuard

It’s clear that we all need to do more to help protect democracies from cyberthreats. That’s why we are expanding our Defending Democracy Program with a new initiative called Microsoft #AccountGuard. https://t.co/ulh0JJWid8

— Brad Smith (@BradSmi) August 21, 2018

Since Russian cyberattacks aimed at the elections are “likely to continue” and “broaden further,” Microsoft is “expanding Microsoft’s Defending Democracy Program with a new initiative called Microsoft AccountGuard. This initiative will provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack. The technology is free of charge to candidates, campaigns and related political institutions using Office 365.”

The three services associated with AccountGuard are threat notifications of detected attacks, security education and guidance to make networks and email systems more secure and previews of upcoming security features such as Microsoft provides for government and large corporate customers.