
Microsoft Uncovers More Russian Hacking Attempts Ahead of Midterms


Over the weekend, the White House suggested all the focus on Russia’s interference in U.S. politics is deeply misguided. Trump tweeted on Saturday that “all of the fools” worrying about Russia should be looking at China too. A day later, National Security Adviser John Bolton said the administration is looking into possible Russian meddling in the midterms, as well as attempts by three other nations.

“I can say definitively that it’s a sufficient national security concern about Chinese meddling, Iranian meddling, and North Korean meddling that we’re taking steps to try and prevent it,” Bolton said on ABC’s This Week. “So all four of those countries, really.”

But the latest news on foreign attempts to infiltrate U.S. politics confirms why Russia remains such a concern. Microsoft said on Tuesday that it’s detected and seized six websites targeting the U.S. Senate and conservative think tanks, which were created by hackers linked to the Russian military intelligence unit that tried to influence the 2016 election. Other nations may be making similar cyberattacks on the U.S., but Microsoft and other tech firms have only reported evidence of Russia’s election-meddling efforts.

For the past two years, Microsoft has been waging a legal battle against the Russian hacking group that targeted Democrats in the 2016 election, known variously as Strontium, Fancy Bear, or APT28. Last year the company obtained court approval to seize fake domains created by the Russians, going on to shut down 78 of these sites.

Last week Microsoft took over six more: three fake domains mimicking the Senate, one modeled after a generic Microsoft site, and two meant to look like the conservative think tanks the Hudson Institute and the International Republican Institute.

The sites could have been used to trick people working at those institutions into clicking on fake links, which would redirect them to a page where hackers would attempt to steal their passwords and other information.

Microsoft has been able to take control of these domains days after they’re created, and there’s no evidence that the hackers were successful in their latest effort to trick someone into giving away their credentials. But keeping up with Russia’s hackers is exceedingly difficult.

“Microsoft is playing whack-a-mole here,” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told the New York Times. “These sites are easy to register and bring back up, and so they will keep doing so.”

As the Times notes, the targeting of the conservative think tanks shows how Russian intelligence is going after institutions that challenge Moscow and President Vladimir Putin. The Hudson Institute promotes programs that examine the rise of kleptocracy worldwide, and while addressing the group last month, Director of National Intelligence Daniel Coats called Russia “the most aggressive foreign” actor working to divide Americans. The International Republican Institute’s board of directors includes several Republicans who have been very critical of Trump and Russia, including John McCain and Mitt Romney. Russian hackers were caught spoofing several think tanks, such as the Council on Foreign Relations, during the 2016 election as well.

Microsoft’s disclosure is far from the first indication that Russia is still at it. A few weeks ago, Democratic senator Claire McCaskill said Russians had unsuccessfully attempted to hack her computer network. At last month’s Aspen Security Forum, Tom Burt, Microsoft’s vice-president of customer security and trust, revealed that the company had tracked Strontium’s attempts to hack three congressional candidates, whom he did not name.

“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who were all standing for election in the midterm elections,” Burt said.

For months, senior U.S. intelligence officials have been warning of Russian attempts to interfere in the midterm elections. “We continue to see a pervasive messaging campaign by Russia to try to weaken and divide the United States,” Director of National Intelligence Dan Coats told reporters earlier this month.

“We’re throwing everything at it,” Coats said, adding that the U.S. is “doing everything we can to have a legitimate election that the American people can have trust in.”
