Microsoft Corp said on Monday that it had recently thwarted hackers associated with the Russian government who were attempting to steal user information from conservative groups that promote democracy and advocate for cybersecurity.
Last week, Microsoft’s Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28 (a cyber-espionage group that cybersecurity firm CrowdStrike attributes, with medium confidence, to the Russian military intelligence agency GRU), the company said in a blog post published late on August 20.
Microsoft states that the action prevents Strontium from using the six domains and lets Microsoft look more closely for evidence of what Strontium intended to do with them. These six domains are the following:
According to Microsoft’s DCU, these domains show a broadening of the entities targeted by Strontium’s activities. One appears to mimic the domain of the International Republican Institute, which promotes democratic principles and is led by a notable board of directors, including six Republican senators and a leading senatorial candidate.
Another is similar to the domain used by the Hudson Institute, which hosts prominent discussions on topics including cybersecurity, among other important activities.
Other domains appear to reference the U.S. Senate but are not specific to particular offices.
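The three patterns above (a name that mimics an organisation's domain, a name that is merely similar to one, and a generic name that references an institution) are what a defender's own domain-monitoring should flag. The following is an added example, not Microsoft's or the DCU's tooling: it classifies newly observed domain names against a watchlist of legitimate ones using exact/TLD-swap matching, homoglyph folding, embedded-brand detection and edit distance. The watchlist entries and every candidate name are constructed for illustration; none of them are the six domains referred to in the article.

```python
"""Flag candidate domain names that resemble a watchlist of legitimate ones.

Added example, not Microsoft's or the DCU's tooling. All domain names in this
file are constructed for illustration only.
"""
import re

# Constructed watchlist of registrable domains we want to protect.
WATCHLIST = ["iri.org", "hudson.org", "senate.gov"]

# Substitutions commonly used in lookalike registrations, folded before comparing.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
              "rn": "m", "vv": "w", "cl": "d"}


def split_domain(domain):
    """Return (second-level label, top-level label) of a domain or URL.

    Assumption: single-label public suffixes only (.org, .gov, ...). A real
    tool would consult the Public Suffix List to handle e.g. .co.uk correctly.
    """
    d = domain.strip().lower().rstrip(".")
    d = re.sub(r"^[a-z][a-z0-9+.-]*://", "", d).split("/")[0]
    labels = [l for l in d.split(".") if l]
    if labels and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        return (labels[0] if labels else ""), ""
    return labels[-2], labels[-1]


def fold_homoglyphs(label):
    """Replace visually confusable sequences with the letters they imitate."""
    out = label
    for src, dst in HOMOGLYPHS.items():
        out = out.replace(src, dst)
    return out


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def embeds_brand(label, target):
    """True if the protected name appears as a whole token inside the label
    (e.g. 'senate-portal') or, for names of five or more characters, run
    together with other text as a prefix or suffix (e.g. 'hudsoninstitute')."""
    if label == target:
        return False
    if re.search(r"(^|[-_])" + re.escape(target) + r"($|[-_])", label):
        return True
    return len(target) >= 5 and (label.startswith(target) or label.endswith(target))


def classify(candidate, watchlist=WATCHLIST):
    """Return (verdict, matched watchlist entry or None).

    Checks run in priority order so the most specific explanation wins.
    """
    label, tld = split_domain(candidate)
    folded = fold_homoglyphs(label)
    targets = [(split_domain(w), w) for w in watchlist]

    for (tl, tt), w in targets:          # same registrable domain
        if label == tl and tld == tt:
            return "legitimate", w
    for (tl, tt), w in targets:          # same name under another TLD
        if label == tl:
            return "tld-swap", w
    for (tl, tt), w in targets:          # hud5on -> hudson
        if folded == tl:
            return "homoglyph", w
    for (tl, tt), w in targets:          # senate-portal, hudsoninstitute
        if embeds_brand(label, tl):
            return "brand-embedded", w
    for (tl, tt), w in targets:          # one or two typos away
        if levenshtein(folded, tl) <= (1 if len(tl) <= 5 else 2):
            return "typosquat", w
    return "none", None


if __name__ == "__main__":
    # Constructed sample of newly observed registrations.
    for name in ["www.iri.org", "iri.com", "hud5on.org", "hudsen.org",
                 "senate-portal.gov", "hudsoninstitute.org", "example.org"]:
        print(f"{name:24s} -> {classify(name)}")
```

Feed the classifier from whatever source of newly registered or newly seen domains you already have (certificate transparency logs, passive DNS, proxy logs); the verdict strings are deliberately simple so they can be mapped onto alert severities.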
Microsoft reportedly found no evidence that the fake domains were used in a successful hack. However, spoof sites of this kind are commonly used to phish credentials or to host malware designed to infect visiting computers and steal emails, documents and other sensitive information. After discovering the sites, Microsoft said, it obtained a court order to move the domains to servers it controls, neutralizing the threat; the company has used this approach 12 times in two years to shut down 84 fake websites linked to the group.
“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” the blog post reads.
As we reported earlier, the White House is working on cutting-edge measures to counter hacker attacks on critical American infrastructure.