- Microsoft took down six websites created by Russian APT28 hackers.
- The six spoofed sites included one imitating a Microsoft domain.
- This brings the total to 84 domains taken down in two years.

Microsoft has announced that it shut down six websites created by a group with ties to Russian intelligence. The sites spoofed conservative American institutions, the US Senate, and Microsoft’s own websites ahead of the US midterm elections.
According to the tech giant, the fake sites were meant to trick users into thinking they were visiting authentic websites belonging to the Hudson Institute or the International Republican Institute. The former is a think tank in Washington, and the latter is a pro-democracy group with prominent Republicans sitting on its board, including John McCain. The decoy sites sought to steal passwords and other credentials from visitors. The sites are my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email, and office365-onedrive.com.
The report indicates the hackers are linked to the Russian unit known as the G.R.U. The group is called APT28, also known as Fancy Bear or Strontium, and has previously been linked to numerous cyber-espionage campaigns targeting world governments, as well as the Democratic National Committee. Furthermore, the attack revealed today is quite similar to the state-backed hacks before the 2016 presidential election. Then, too, Russian hackers spoofed websites belonging to well-known institutions.
“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States. Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,” said Brad Smith, Microsoft President.
Given the nature of the websites targeted in this recent attack, it seems the Russian hackers are simply going after any institutions that challenge Russia or Vladimir Putin. The Hudson Institute, for instance, had promoted programs looking into the rise of kleptocracy in governments all over the world, including Russia, while the International Republican Institute sought to promote democracy around the world.
Over the past two years, Microsoft has taken down 84 different APT28-run domains. “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Smith added.