Russian hackers affiliated with the Kremlin established web pages that imitated sites belonging to U.S. conservative think tanks, Senate websites, and Microsoft’s Office 365 email platform, Microsoft announced Tuesday.
The company revealed that the hackers, who were identified as belonging to the infamous group Fancy Bear, were seeking to obtain users’ passwords by duping users into providing login information. A federal court granted Microsoft the authority to remove the fabricated websites last week.
“Attackers want their attacks to look as realistic as possible and they, therefore, create websites and URLs that look like sites their targeted victims would expect to receive emails from or visit,” Microsoft said in a blog post. “The sites involved in last week’s order fit this description.”
[Opinion: Russia is messing with the US again. Trump needs to counterpunch]
The Hudson Institute and the International Republican Institute were targeted. The hacking technique used in this incident was also used in March 2016 to obtain emails from Hillary Clinton campaign chairman John Podesta.
“In the face of this continuing activity, we must work on the assumption that these attacks will broaden further,” Microsoft said.
The company will notify customers about cyberattacks in the future and will provide additional information to candidates and other political organizations suspected to be under attack.
“When verifiable threats are detected, Microsoft will provide personal and expedited recommendations to campaigns and campaign staff to secure their systems,” the company said.
Microsoft said there is no evidence to suggest that the attacks were successful before Microsoft’s Digital Crimes Unit intervened, but the company noted was worried that the “latest attempts pose security threats” to American politics ahead of the 2018 elections.
“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” Microsoft said.
A Russian official rejected Microsoft’s assertions.
“Microsoft is playing political games,” the official said, per Reuters. “The [midterm U.S.] elections have not happened yet, but there are already allegations.”
Director of National Intelligence Dan Coats warned last month that cyberthreats against the U.S. could harm elections. Special counsel Robert Mueller is investigating Russian interference in the 2016 election and whether the Trump campaign worked with the Kremlin.
