WASHINGTON — Hackers affiliated with the Russian government have expanded their targets to include the U.S. Senate as well as two American think tanks critical of Russia. The discovery comes from a new report by Microsoft, which says it helped detect this new wave of hacking and is going public for the first time about its efforts to block future cyberattacks.
The two think tanks in question are the Hudson Institute, a hawkish organization that works on anti-corruption reforms in Russia, and the International Republican Institute, whose board of directors includes six GOP senators and many other right-leaning foreign-policy types who have spoken in favor of Russian sanctions and other punitive measures against the country.
Microsoft President Brad Smith revealed that the tech giant had identified and disrupted six domain addresses that appeared to mimic websites associated with the Senate and think tanks. The Russian hacking operation known variously as Strontium, Fancy Bear or APT28 had created the six domains, Smith said, in an apparent effort to dupe people into visiting those fake sites and hand over passwords or other sensitive information.
According to Smith, Microsoft’s Digital Crimes Unit took control of the six domains last week using a court order. In just two years, Smith said, Microsoft had obtained 12 different court orders to shut down 84 fake websites associated with Strontium/Fancy Bear. Smith added that there was no evidence the phony Russian domains had been used in a successful cyberattack. It was unclear, he wrote, who the ultimate targets were.
The Microsoft report is the latest evidence that the election interference and cyberattacks seen in the 2016 presidential race continue to this day — and may be getting worse. Last week, Rolling Stone broke the news that the FBI had investigated a series of sophisticated hacking efforts over multiple months targeting a Democratic congressional candidate in California. (The origin of the attacks was unknown.) The Daily Beast reported in late July that Sen. Claire McCaskill (D-MO) had faced an unsuccessful hacking attempt by Russian-affiliated hackers. This month, Sen. Bill Nelson (D-FL) said that Russian hackers “had penetrated” a county-level voting system in Florida.
But the new Microsoft report suggests that the potential targets of Russia’s hacking efforts have broadened beyond campaigns and candidates. “This apparent spear-phishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights,” IRI President Daniel Twining told the Washington Post. “It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin’s authoritarian regime.”
Microsoft also announced Tuesday that it is launching a new free cybersecurity service called AccountGuard that it will offer to all candidates running for federal, state and local office in the U.S., all national and state party committees and select nonprofit organizations and nongovernmental organizations. The service is meant to beef up the typically meager layers of protection against hacking attempts found on congressional campaigns.
In his announcement, Microsoft president Brad Smith cited comments made as part of a federal case opened to stop Russian hacking attempts that there is “good cause” to believe that Fancy Bear/Strontium is “likely to continue” with its cyberattacks. “In the face of this continuing activity,” Smith writes, “we must work on the assumption that these attacks will broaden further.”