Ahead of the November midterms, new hacking attacks by Russian actors were uncovered on Tuesday by tech giant Microsoft, which said they were aimed at political groups in the United States.
Microsoft further said that the hacking group in question had ties to the Kremlin and that it created fake internet domains that seemed to imitate two American conservative organizations.
The International Republican Institute (IRI) is a Republican-leaning think tank that has counted among its board members Sens. Lindsey Graham, John McCain and Marco Rubio —all of whom advocate tough policies against Russia. Other targets include the Hudson Institute, which is a Washington, D.C.-based conservative think tank, as well as the U.S. Senate, Microsoft said, per Wall Street Journal.
Both think tanks have been critical of Russia, CNN noted. The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts and focuses on revealing how “financial secrecy fuels globalized corruption and threats to democracy” and frequently scrutinizes on the Kremlin. IRI has also been critical of Russia, and the Russian Federation labeled the group an “undesirable organization” in 2016.
Three other fake domains were similarly designed to give the impression that they belonged to the Senate, CNBC reports. The domains were registered by a hacking group associated with Moscow’s military intelligence agency, the GRU. In the past, the hackers, commonly referred to as Fancy Bear or Strontium, have used phishing emails to direct targets to fake websites designed to resemble legitimate ones where they steal login credentials, according to security researchers, the Journal adds.
Several weeks ago, Senator Claire McCaskill revealed that Russian hackers made an attempt to infiltrate her Senate computer network but failed to do so. Such attacks had also been made prior to the 2016 election, aimed at hurting Democratic candidate Hilary Clinton and helping Donald Trump win the presidency.
However, Microsoft’s president Brad Smith pointed out that the scope of the latest attacks is much wider, stressing that “this activity is most fundamentally focused on disrupting democracy,” rather than just helping a political party. For now, Smith added, there is no indication that hackers managed to persuade anyone to click on the fake websites and thus get exposed to data theft and covert surveillance.
Regarding the latest hacking attacks, spokespeople from both think tanks said they are often the targets of authoritarian government who are bothered by their pro-democracy work, adding that it meant they were successful in their work.
“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”
Smith said he was sure the hacking group was the one known as Strontium or Fancy Bear, linked to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign. He further announced on Tuesday that all U.S. political candidates and organizations will be offered free cybersecurity protection by Microsoft.