A group affiliated with the Russian government created phony versions of six websites — including some related to public policy & to the U.S. Senate — with the apparent goal of hacking into the computers of people who were tricked into visiting, according to Microsoft (MS), which said Monday night that it discovered and disabled the fake sites.
The effort by the notorious APT28 hacking group, which has been publicly linked to a Russian intelligence agency & actively interfered in the 2016 presidential election, underscores the aggressive role that Russian operatives are playing ahead of the U.S. midterm elections. U.S. officials have repeatedly warned that the November vote is a major focus for interference efforts. MS said the sites were created over the past several months & that the company was able to catch them early, as they were being set up. It did not go into more specifics.
MS’s Digital Crimes Unit, which is responsible for the company’s response to email phishing schemes, took the lead role in finding & disabling the sites, & the company is launching an effort to provide expanded cybersecurity protection for campaigns & election agencies that use MS products.
Among those targeted were the Hudson Institute, a conservative Washington think tank active in investigations of corruption in Russia, & the International Republican Institute (IRI), a nonprofit group that promotes democracy worldwide. Three other fake sites were crafted to appear as though they were affiliated with the Senate, & one nonpolitical site spoofed MS’s own online products.
The Senate did not immediately respond to requests for comment late Monday.
MS said Monday that it had found no evidence that the fake sites it recently discovered were used in attacks, but fake sites can carry malware that automatically loads onto the computers of unsuspecting visitors. Hackers often send out deceptive “spear-phishing” emails to trick people into visiting sites that appear to be authentic but in fact allow the attackers to penetrate & gain control of computers that log on, allowing the theft of emails, documents, contact lists & other information.
“This apparent spear-phishing attempt against the IRI & other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy & human rights,” said Daniel Twining, IRI’s president, who blamed Russian President Putin. “It is clearly designed to sow confusion, conflict & fear among those who criticize Mr. Putin’s authoritarian regime.”