By Brendan O’Brien and Christopher Bing
Microsoft Corp said that hackers linked to Russia’s government sought to launch cyber attacks on U.S. political groups, warning that Moscow is broadening attacks ahead of November’s congressional elections
The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic websites belonging to the U.S. Senate, two conservative think tanks and Microsoft’s OneDrive cloud storage service.
Hackers use fake sites in “phishing” schemes to trick users into providing login details for accessing computer networks and confidential systems such as email accounts.
The domain takedowns represent Microsoft‘s latest effort to thwart what it says are hacking attempts by a group known as “Fancy Bear,” or APT28, that is linked to the Russian government. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.
“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.
Microsoft said it had no evidence the hackers succeeded in compromising any user credentials or stole any data.
Russian government officials rejected the Microsoft allegations and said there was no evidence to support them.
“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters.
“It is regrettable that a large international company, which has been working in the Russian market for a long time, quite actively and successfully has to take part in a witch-hunt that has engulfed Washington,” Russia’s Foreign Ministry later said in a statement.
Moscow has repeatedly dismissed allegations that it has used hackers to influence U.S. elections and political opinion
The targeted think tanks included the International Republican Institute, whose board members include Republican Senator John McCain of Arizona, and the Hudson Institute, according to Microsoft.
The International Republican Institute confirmed in a statement on its website that it had been targeted.
“This latest attempt is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights. It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin’s authoritarian regime,” Institute President Daniel Twining said in the statement.
Representatives with the Hudson Institute could not be reached for comment.
“RUN-OF-THE MILL SPYING”
Microsoft’s report came amid increasing tensions between Moscow and Washington over allegations of election-meddling.
A U.S. federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking Democratic Party computer networks in an attempt to sway the 2016 U.S. presidential election, and some U.S. officials have said Moscow could try to interfere with the U.S. midterm elections in November.
Three U.S. intelligence officials, speaking on the condition of anonymity, said the hacking into traditional Republican policy organizations is neither new nor confined to Russia. Others including China and Iran, have attempted to penetrate the websites and communications of political and other groups across what one of the officials described as “the entire political spectrum from far left to far right.”
Several cybersecurity firms said they had uncovered no evidence to link the sites uncovered by Microsoft to election interference, saying that APT28 and other foreign hacking groups had targeted political U.S. political groups for a decade.
“This activity today looks like run-of-the-mill spying. So far nothing special,” said Thomas Rid, professor of strategic studies at John Hopkins School of Advanced International Studies.
Four of the six malicious domain names suggest they run legitimate Microsoft programs, including Active Directory software for logging into websites, Sharepoint collaboration tools and Office 365 OneDrive cloud storage.
Microsoft said it would offer enhanced security to U.S. political parties, candidates, and campaigns that use its Office 365 software
The new service, AccountGuard, will secure work and personal accounts of Microsoft Office 365, Outlook.com and Hotmail. The company said it will alert organizations when a staff member’s account has been compromised by hackers working for a foreign government.
(Additional reporting by Andrew Osborn and Tom Balmforth in Moscow; John Walcott in Washington; Writing by Jim Finkle and Jack Stubbs; Editing by Steve Orlofsky)