Microsoft has just released a statement saying that it discovered and prevented a hacking attack by a Russian hacking unit, Strontium. The group's main targets were U.S. political groups and the upcoming midterm elections this November.
Microsoft said that the hacking group, Strontium (also known as Fancy Bear or APT28), was directly linked to the Russian Government, more specifically to the GRU, or Main Intelligence Directorate, in Moscow. The group created six (6) fake Internet domains designed to imitate the websites of two conservative Washington-based think tanks that have recently been critical of the Kremlin: the Hudson Institute and the International Republican Institute.
Apart from these websites, the attackers also tried to infiltrate a branch of the U.S. Government by creating three (3) additional fake domains designed to look as if they belonged to the U.S. Senate. It was assumed that the hackers intended to use the domains' likeness to the real ones for a large-scale phishing attack, sending malware-laden email messages, disguised as coming from legitimate colleagues, to specific targets. U.S. Special Counsel Robert Mueller has issued an indictment linking the group to Russia’s GRU, saying that the controversial e-mail hacking of both the Democratic National Committee and Hillary Clinton during the 2016 election campaign was their doing.
A representative of the Kremlin, spokesman Dmitry Peskov, denied all allegations that the Russian Government had a hand in the incidents or had any association with the criminals. The Russian Foreign Ministry also condemned the allegations made by Microsoft as “part of a baseless witch-hunt that has swamped Washington.” During a short interview in Moscow, Peskov said, “We do not know what hackers they are talking about, how they influenced elections, or what those conclusions were based on.”
Brad Smith, Microsoft’s president and chief legal officer, said there was no indication that the attackers were able to infiltrate the think tanks or the U.S. Senate. Microsoft has been in constant legal battles with Strontium since bringing a lawsuit in a U.S. federal court in 2016. With the court’s approval, Microsoft was able to seize and shut down the most recently used fake domains, along with another 84 fake websites created by the hackers, including the ones that were used for the U.S. Senate. Microsoft has contended in court that the hackers misused its services and trademarks to set up fake but legitimate-looking domains in order to infiltrate computer networks, deliver malware through phishing attacks, and steal e-mails and other sensitive government data.
Microsoft is already offering free cybersecurity protection to all U.S. political candidates, campaign groups, and political organizations that use its software. This is a component of Microsoft’s political campaign protection program, Defending Democracy, launched last April. The program’s overall purpose is still unclear, but it has already provided free training sessions on cybersecurity to both the Republican and Democratic parties. Aside from Microsoft, tech giants Google and Facebook have also offered similar services to prevent any campaign interference.