Microsoft has disclosed that it has already identified and helped thwart hacking attempts on three congressional candidates running for office in the 2018 midterm elections. Speaking on a panel at the Aspen Security Forum on Thursday, Microsoft VP for customer security and trust Tom Burt said his team discovered a fake Microsoft domain used in a spear-phishing campaign targeting the three candidates earlier this year.
Fake Microsoft domain
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said. “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”
Burt said Microsoft and the US government were able to take down the fake domain and block the phishing messages. He declined to name the candidates targeted, citing privacy concerns. However, he did imply that they were candidates of note who are running for reelection.
“They were all people who, because of their positions, might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint,” he said.
Fancy Bear again?
Analysts have traced the spear-phishing campaign to the advanced persistent threat Microsoft identified as Strontium, also known as Fancy Bear, Sofacy, Tsar Team, Pawn Storm and APT 28. The hacking outfit is being closely tracked by several cybersecurity firms and is widely believed to be run by the GRU, Russia's military intelligence agency.
The disclosure comes a week after the US indicted 12 Russian GRU officials, 11 of whom have been accused of stealing usernames and passwords of volunteers in former Democratic presidential candidate Hillary Clinton's campaign, including its chairman John Podesta.
They were also accused of hacking the DNC and leaking the party's stolen emails with the goal of influencing the 2016 presidential elections.
Russia and the midterm elections
It also comes amid heightened tensions and concerns over foreign cyberattacks and attempts to influence the upcoming election.
US Director of National Intelligence Dan Coats also raised the alarm on the midterm elections and the danger of Russian cyberattacks, saying the "warning lights are blinking red again." FBI director Christopher Wray also reiterated that his agency believes Russia may likely attempt to meddle in this year's midterm elections as well.
The US intelligence community has assessed that Russian President Vladimir Putin ordered a complex influence campaign designed to undermine American democracy, hurt Clinton's chances of winning the 2016 election and help sway the vote in Donald Trump's favor.
While the Kremlin has denied the allegations, Trump recently said in Finland that he saw no reason to believe that Russia had interfered in the 2016 US election - a direct contradiction of the assessment of his intelligence agencies.
President Trump later attempted to walk back his statement, saying he had misspoken.
“Let me be totally clear in saying that... I accept our intelligence community’s conclusion,” Trump said, reading from a prepared script, before adding: “It could be other people also. There’s a lot of people out there.”
Fewer Russian hacking attempts
Hackers used similar phishing campaigns and strategies to make their way into the DNC's servers in 2016. However, Burt did note that analysts have reported fewer instances of Russian hacking attempts than in 2016.
“The consensus of the threat intelligence community right now is that we’re not seeing the same level of activity by the Russian activity groups,” he said. “We don’t see the activity of them trying to infiltrate think tanks and academia and in social networks to do the research that they do to build the phishing attacks.”
Still, he added, “that doesn’t mean we’re not going to see it. There’s a lot of time left before the election.”