Last month, Microsoft announced it had detected ongoing attacks targeting the 2018 midterm elections and now Microsoft’s Digital Crimes Unit has uncovered six more websites that have ties to a hacking group known as APT28. This group was connected to interfering in the 2016 Presidential election. Microsoft has been granted a court order to take control of all six domains.
Brad Smith, president of Microsoft, posted that the hackers planned to launch phishing attacks using the domain names. APT28, which also goes by the names Fancy Bear and Strontium, had registered names that are very close to actual websites used by the Hudson Institute, the International Republican Institute, and the U.S. Senate. One of these websites was even meant to mimic Microsoft’s Office 365 and OneDrive services.
It’s important to note that at this time there is no evidence that the hackers were able to persuade anyone to click on the fake websites, which could have exposed a victim to hidden surveillance, data theft, or computer infiltration.
Microsoft didn’t give any further description of the fake domains but it has outlined in court filings how APT28 operated a network of websites in the past that tricked victims into installing malicious software.
ABC News reports that The Russian Foreign Ministry claims that Microsoft’s report is false and amounts to a “witch hunt” and that Microsoft’s statement lacked proof of Russian involvement because “there can’t be any.”
Experts say this activity mirrors the Russian meddling attempts that occurred before the 2016 election, which U.S. intelligence officials said were focused on getting Donald Trump elected by hurting his Democratic opponent, Hillary Clinton. But they believe this time, rather than helping one person over another, it’s more focused on disrupting democracy.
On Tuesday, the FBI said it was aware of Microsoft’s actions to disrupt the websites but it wouldn’t confirm whether they were working directly with the company to fight APT28.
Microsoft has been in a legal battle with APT28 since 2016. The company was granted court approval last year allowing it to take control of fake websites created by the group. In that time Microsoft has seized 84 fake domains created by the group, including the six it recently discovered.
In Smith’s post, he goes on to say that Microsoft is “concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States.” As part of its Defending Democracy Program, the company also announced that it’s offering free cybersecurity to all U.S. political candidates and political organizations, as long as they’re already using Microsoft’s Office 365 software.