Microsoft claims to have thwarted Russian 'Fancy Bear' hackers from disrupting upcoming US elections

Russian state hackers caught planning phishing campaign against the International Republican Institute and Hudson Institute

Microsoft claims to have thwarted a new attempt by hackers linked to the Russian, dubbed Fancy Bear, to influence the forthcoming Congressional elections in the US.

The company claims that the group was targeting two politically right-of-centre think tanks and was preparing a phishing campaign. Microsoft claims that the group had designed its own web pages for the two think tanks, mimicking their design. The intention was to use phishing emails to push targets to those websites, whereupon they would be able to glean user names and passwords.

Three other fake domains were designed to look as if they belonged to the US Senate, the company added.

According to Brad Smith, Microsoft's president and chief legal officer, "Microsoft's Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28."

He continued: "We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit."

The internet domains that Microsoft seized are:

• my-iri.org
• hudsonorg-my-sharepoint.com
• senate.group
• adfs-senate.services
• adfs-senate.email
• office365-onedrive.com

Smith stressed that there was no evidence that these domains have been used in any attacks so far, but revealed that it has been actively monitoring "domain activity with Senate IT staff the past several months, following prior attacks we detected on the staffs of two current senators"

Smith used the news to announce that Microsoft would be expanding its "Defending Democracy Program with a new initiative called Microsoft AccountGuard".

This will "provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack. The technology is free of charge to candidates, campaigns and related political institutions using Office 365".

Earlier this year, Trend Micro warned that the US Senate was being targeted by Russia's Fancy Bear group, also in a phishing campaign.

Computing's Cloud & Infrastructure Summit Live returns on Wednesday 19 September, featuring panel discussions with end-users, strategic and technical streams and a session with guest speaker Inma Martinez. The event is FREE to qualifying IT leaders and senior IT pros, but places are going fast. Register now!