Microsoft has released a startling report exposing the way Russian military intelligence and its hackers planned to target the US Senate and conservative think tanks. The software giant not only identified but also seized websites that were recently created for the sole purpose of tricking people. The report reveals that these misleading websites were created by a Russian unit that was previously known as G.R.U. Microsoft obtained permission through the courts to take control of 6 websites, which were fake versions of Congressional domains.
Apparently, these websites appeared safe to users, who believed that the links were managed by the International Republican Institute and the Hudson Institute. In reality, however, the websites redirected to infected web pages from which the hackers were able to obtain user credentials, including passwords.
The president of Microsoft, Brad Smith, told The New York Times that the findings reveal the extent to which hackers have broadened their scope for infecting websites. They are now targeting websites of organizations that are tied “informally” to Republicans.
In a blog post published on Monday, Smith wrote:
“Attackers want their attacks to look as realistic as possible and they, therefore, create websites and URLs that look like sites their targeted victims would expect to receive email from or visit.”
Harvard University’s director of the Defending Digital Democracy project, Eric Rosenbach, stated that the Russians are targeting high-profile government organizations to fulfill their own interests. This cannot be linked to their preference for a particular party in the US. Basically, Russians want to disrupt and diminish any and every group that attempts to challenge “how Putin’s Russia is operating at home and around the world,” said Rosenbach.
Reportedly, Microsoft also discovered fake versions of the US Senate website, but these sites weren’t specifically related to political campaigns or Senate offices. Most of the websites for which Microsoft was granted control had URLs like “senate.group” and “adfs-senate.email.” Other domains were named to appear linked with the Hudson Institute, the International Republican Institute, and a conservative think tank. Around six serving Senators, including ex-governor of Massachusetts Mitt Romney and Gen. H.R. McMaster, are part of the International Republican Institute board.
Furthermore, the plan to attack conservative think tanks highlights the key goal of the Russian intelligence agency: to disrupt all those institutions that may try to challenge Moscow and President Putin. It was also noted that the websites could easily be used to launch cyber-attacks on candidates and political groups before the elections in November.
According to Microsoft, the notorious Fancy Bear group is linked to the sites. The group is believed to be connected to or backed by the Russian military intelligence agency. Fancy Bear is also known as Strontium or APT28. Microsoft claims that the sites could have been used for launching spearphishing attacks on Senate staffers as well as the institutions targeted by the hackers. In 2016, the same group was accused of targeting Hillary Clinton’s presidential campaign through a spearphishing attack.
According to CNN, the campaigns of two Democratic congressional primary candidates, Dr. Hans Keirstead and David Min, were also recently targeted by hackers. In the wake of these threats, Microsoft has announced a special cybersecurity protection service titled AccountGuard. This service is specially designed to protect political groups and campaigners in the US.