Credits: ABC News
Russian government hackers continue to meddle in United States elections via internet-borne deception, targeting a broader range of democratic institutions in order to disrupt elections and to sow discord, Microsoft said.
The company’s top legal officer Brad Smith wrote that Microsoft’s Digital Crimes Unit had obtained a “special master” court order that allows it to battle continued attacks by the Advanced Persistent Threat 28 hacking group during the current US mid-term elections.
APT 28 is also known as Fancy Bear, Sofacy, and Strontium and is “widely associated with the Russian Government,” Microsoft said.
The hacking group has targeted politicians, journalists, activists and individuals critical of the Russian government with a range of means including spear-phishing campaigns using Adobe Flash zero-day exploits since at least 2014.
Linked to Russia’s armed forces Main Intelligence Directorate GRU, APT 28 is said to have interfered in the French, German and US general elections. It is believed to have been behind the hack on the World Anti-Doping Agency that saw individual Olympians test data leaked on the internet.
As part of the court order, Microsoft’s DCU took control over six internet domains created by APT 28 last week.
The domains, my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com appear to mimic those of US political think tanks and the Senate upper house.
Microsoft said this represents a broadening of targets by APT 28, but added that there is no evidence the domains have been used successful attacks before the DCU took control over them.
The organisations targeted have been notified by Microsoft which said the continued pattern of attacks mirrors what the company saw prior to the 2017 US and last year’s election in France.
In total, Microsoft said it has shut down 84 fake websites used by APT 28.
To help ward off further cyber attacks by APT 28, Microsoft has put together the free AccountGuard initiative for candidates, campaigns and political institutions that use the company’s Office 365 productivity suite.
AccountGuard utilises Microsoft’s Threat Intelligence Centre to spot and provide notifications of attacks against campaign staff, with quickly delivered individual recommendations on how to secure systems.
The company also said it would provide security guidance and ongoing education along with early access to new protective features for political workers, as part of AccountGuard.