Russian hacking
Groups that disrupted 2016 U.S. elections have new target: conservative think tanks.
BOSTON — The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Donald Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights.
In a report scheduled for release Tuesday, Microsoft Corp. said that it detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the GRU. The sites appeared meant to trick people into thinking they were clicking through links managed by the Hudson Institute and the International Republican Institute, but were secretly redirected to webpages created by the hackers to steal passwords and other credentials.
Microsoft also found websites imitating the U.S. Senate, but not specific Senate offices or political campaigns.
The shift to attacking conservative think tanks underscores the Russian intelligence agency’s goals: to disrupt any institutions challenging Moscow and President Vladimir Putin of Russia.
The Hudson Institute has promoted programs examining the rise of kleptocracy in governments around the world, with Russia as a prime target. The International Republican Institute, which receives some funding from the State Department and the U.S. Agency for International Development, has worked for decades in promoting democracy around the world.
“We are now seeing another uptick in attacks. What is particular in this instance is the broadening of the type of websites they are going after,” Microsoft’s president, Brad Smith, said Monday in an interview.
“These are organizations that are informally tied to Republicans, so we see them broadening beyond the sites they have targeted in the past,” he said.
The International Republican Institute’s board of directors includes several Republican leaders who have been highly critical of Trump’s interactions with Putin, including a summit meeting last month between the two leaders in Helsinki.
Among them are Sen. John McCain of Arizona; Mitt Romney, a former presidential candidate; and — though he was silent on Trump’s appearance in Helsinki — Lt. Gen. H.R. McMaster, who was replaced in the spring as the White House national security adviser. McMaster, who is now retired, had been the author of the national security strategy that called for treating Russia as a “revisionist power” and confronting it around the world.
“This is another demonstration of the fact that the Russians aren’t really pursuing partisan attacks, they are pursuing attacks that they perceive in their own national self-interest,” Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, said Monday. “It’s about disrupting and diminishing any group that challenges how Putin’s Russia is operating at home and around the world.”
The State Department has traditionally helped fund both Republican and Democratic groups that engage in promoting democracy.
Daniel Twining, president of the International Republican Institute, called the apparent spear-phishing attempt “consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights.”
“It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin’s authoritarian regime,” Twining said in a statement.
The goal of the Russian hacking attempt was unclear, and Microsoft was able to catch the spoofed websites as they were set up.
But Smith said that “these attempts are the newest security threats to groups connected with both American political parties” ahead of the 2018 election.
“The Russians are seeking to disrupt and divide,” he said. “There is an asymmetric risk here for democratic societies. The kind of attacks we see from authoritarian regimes like Russia are seeking to fracture and splinter groups in our society.”
On Sunday, the national security adviser, John Bolton, suggested that Russia was not the only threat in the coming elections. He also named China, Iran and North Korea — the other most active cyber operators among state adversaries — as threats.
But so far Microsoft and other firms have not found extensive election-related action by those nations.
Senior U.S. intelligence officials have also warned that the midterm elections will be targeted by foreign governments looking to influence American voters.
Speaking at the Aspen Security Forum last month, FBI Director Christopher Wray said his agency was seeing information operations “aimed at sewing discord and divisiveness in the country.”
Just days later, in a report first released to members of Congress, Facebook revealed that it had discovered and eliminated an influence operation aimed at fueling divisions among Americans by targeting progressive groups. Facebook stopped short of naming Russia as the culprit of that campaign, although the social media company pointed to similarities between the influence operation and previous work by the Russian state-linked Internet Research Agency.
The attempt revealed by Microsoft mirrored efforts by Russian state-backed hackers ahead of the 2016 presidential election.