Microsoft hits spy websites
• Software giant sifts through evidence of cyberattackers’ intentions after getting court order to take over domains
Microsoft has detected and seized web domains created by cyberattackers linked to the Russian military, in a potential attempt to manipulate and disrupt the US midterm elections.
The shadowy group, known as Strontium, created domains that mimicked organisations such as the International Republican Institute and Hudson Institute so intended victims would believe they were receiving emails or visiting real sites, Microsoft president Brad Smith said in a blog post.
Microsoft said it is sifting through evidence of the group’s intentions after getting a court order to take over those domains, effectively disrupting the hacking campaign.
The two targeted institutions are conservative bastions, which at times have been at odds with Russia or US President Donald Trump.
Russia rejected Microsoft’s accusations that it is attempting to influence upcoming US elections, which will determine control of Congress, Interfax reported on Tuesday.
Russia is accused of trying to sway the vote in 2016 through disinformation campaigns and targeted hacking, setting in motion a fiery dispute between Trump and Democrats.
Even before Microsoft’s warning, US national security officials had sounded the alarm about further meddling in the midterm elections. At least three congressional candidates have already been hit with phishing attacks that strongly resemble Russian sabotage two years ago.
The US Congress is considering measures that would impose more sanctions on Russia if it is found to be meddling in the midterm elections.
The Senate banking and foreign affairs committees held hearings on Tuesday on the effectiveness of sanctions and the prospect of more penalties, including those targeting energy companies, banks, interests and new sovereign debt.
Citing the Microsoft report, Democrat Sherrod Brown of Ohio said at the Senate banking hearing that “true to form the Kremlin promptly denied involvement. That is nonsense. The president should call it that and forcefully respond.”
Brown said Trump and Congress need to do more, but “so far, the president has basically been Awol, undercutting even modest efforts of professionals” in the treasury and other departments.
Republican Senator Lindsey Graham of South Carolina said in an interview the Microsoft report shows what has been done so far “isn’t working” and underscores the need for added sanctions legislation.
Would-be hackers set up legitimate-sounding websites and domains from which emails could be sent, as in a phishing attack.
Microsoft said it has found no evidence so far that the half-dozen domains in the latest case were employed in successful attacks, nor who any intended targets may have been. It said it has notified and is working with the affected organisations.
“Unfortunately, the internet has become an avenue for some governments to steal and leak information, spread disinformation, and probe and potentially attempt to tamper with voting systems,” Microsoft’s Smith said in the blog post. “These domains show a broadening of entities targeted by Strontium’s activities.”