Microsoft uncovers new Russian hacking attempts on US political groups

Source: 112 Ukraine

Kremlin-linked group created fake websites for Senate and thinktanks, Microsoft states
20:52, 21 August 2018



Microsoft Corp said on Monday that it had recently thwarted hackers associated with the Russian government who were attempting to steal user information from conservative groups that promote democracy and advocate for cybersecurity.

Last week, Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28 (a cyber espionage group associated with the Russian military intelligence agency GRU, according to cybersecurity firm CrowdStrike with a medium level of confidence), the company said in a blog post published late on August 20.

Microsoft states the action prevents Strontium from using the six domains and enables Microsoft to more closely look for evidence of what Strontium intended to do with the domains. These six domains are the following:


According to Microsoft’s DCU, these domains show a broadening of entities targeted by Strontium’s activities. One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including six Republican senators and a leading senatorial candidate.

Another is similar to the domain used by the Hudson Institute, which hosts prominent discussions on topics including cybersecurity, among other important activities.

Other domains appear to reference the U.S. Senate but are not specific to particular offices.


Microsoft reportedly found no evidence the fake domains were used in a successful hack. However, spoof sites often host malware designed to automatically infect visiting computers, stealing emails, documents and other sensitive information. After discovering the sites, Microsoft said it obtained a court order to move the domains to its own server to neutralize the threat -- an approach the company has used 12 times in two years to shut down 84 fake websites linked to the group.

“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” reads the message.


As we reported earlier, the White House is working on cutting-edge measures to counter hacker attacks on strategically important facilities of American infrastructure.

