Microsoft says it has thwarted attempts by Russian-linked hackers to attack US conservative organisations in the lead-up to the US midterm elections in November.
The tech giant identified a number of “clone” domains purchased by hackers to trick users into believing they were visiting official websites and then steal their login information and credentials.
In a blog post, Microsoft president Brad Smith said the company’s Digital Crimes Unit successfully obtained a court order to gain control of six internet domains created by a hacking group “widely associated with the Russian government.”
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Smith said.
“We are concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
He said the political organisations targeted included the International Republican Institute and the Hudson Institute, two conservative think tanks that have recently withdrawn support for US president Donald Trump and called for further sanctions on Russia.
The Russian-linked group also targeted the domains associated with a number of Senate offices and services.
The domains seized included “my-iri.org”, “hudsonorg-my-sharepoint.com” and “senate.group”.
Smith said there is no proof that any information had been obtained by the hackers before the domains were seized.
“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” he wrote.
Microsoft said it has used a similar tactic 12 times in the last two years to shut down 84 fake websites associated with the same hacking group.
Microsoft likely identified the beginnings of a “spear phishing” campaign, where users are tricked into believing they are entering personal details into an official, trusted platform.
The company has now launched a new Defending Democracy Program initiative dubbed AccountGuard, which will offer “state-of-the-art cybersecurity protection at no extra cost to all candidates, campaign offices at federal, state and local level, along with think tanks and political organisations” that are using Office 365.
“In the face of this continuing activity, we must work on the assumption that these attacks will broaden further. An effective response will require even more work to bring people and expertise together from across governments, political parties, campaigns and the tech sector,” Smith said.
“Broadening cyber threats to both US political parties make clear that the tech sector will need to do more to help protect the democratic process.”
In a statement, Russia’s Foreign Ministry rejected Microsoft’s report.
“It is regrettable that a large international company, which has been working in the Russian market for a long time, quite actively and successfully, has to take part in a witch-hunt that has engulfed Washington,” the statement said.
Smith said it’s likely that the cyber attack attempts will become more frequent and serious.
“As a special master appointed by a federal judge concluded in the recent court order obtained by DCU, there is good cause to believe that Strontium is likely to continue its conduct,” he said.