Microsoft discovers new Russian hacking operation targeting US groups

A new round of attempts on sites belonging to American organizations has been uncovered ahead of the 2018 midterm elections.

Microsoft said Monday it recently discovered and disabled several fake websites designed to trick visitors and allow a hacking group connected to the Russian government to hack into their computers. Two of the fake sites were designed to mimic two American conservative organizations — Hudson Institute and the International Republican Institute — while three other domains were intended to resemble official US Senate sites.

Microsoft said a hacking group linked to the Russian military and known as Strontium was behind the spoofing campaign. The group, more widely known as “Fancy Bear” and APT 28, has also been linked to a series of hacks in recent years, including one in which emails and chat transcripts were stolen from the Democratic National Committee's computer network in 2016.

Microsoft reportedly found no evidence the fake domains were used in a successful hack. However, spoof sites often host malware designed to automatically infect visiting computers, stealing emails, documents and other sensitive information. After discovering the sites, Microsoft said it obtained a court order to move the domains to its own server to neutralize the threat — an approach the company has used 12 times in two years to shut down 84 fake websites linked to the group.

“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” President and Chief Legal Officer Brad Smith wrote in a company blog post. “The sites involved in last week's order fit this description.”


The discovery underscores the challenges faced as the US tries to avoid a repeat of the 2016 election, in which Russian actors used social media to sow seeds of discord among Americans. Disinformation has long been a part of Russia's foreign policy strategy, and social media has allowed the trolling effort to expand on a viral scale. US intelligence has warned Congress that these campaigns will continue in future elections.

Microsoft's revelation comes roughly a month after US special counsel Robert Mueller filed charges against 12 Russian hackers connected to the cyberattacks on the Democratic National Committee during the 2016 election campaign. In February, the Justice Department indicted 13 Russian nationals and the Internet Research Agency, a group linked to Russian intelligence services, for a propaganda campaign spread across social media during the 2016 election.

Microsoft's moves are part of a concerted effort by some of the tech industry's most influential companies to head off foreign interference before it penetrates their platforms. Representatives from Amazon, Apple, Google, Facebook, Microsoft, Oath, Snap and Twitter met in April with representatives of the US intelligence community to discuss preparations for the midterm elections.

The US Justice Department has also instituted a new policy to inform Americans of foreign operations attempting to undermine confidence in US democracy. The government's plan is to notify US companies, private organizations and individuals when a hacking threat by foreign actors is detected.
