Microsoft said Tuesday it has uncovered new Russian hacking attempts targeting US political groups ahead of the midterm elections.
The company said that a hacking group tied to the Russian government created fake Internet domains that appeared to spoof two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the US Senate.
Microsoft didn’t offer any further description of the fake sites.
The revelation came just weeks after a similar Microsoft discovery led Sen. Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.
The hacking attempts mirror similar Russian attacks ahead of the 2016 election, which US intelligence officials have said were focused on helping to elect Republican Donald Trump to the presidency by hurting his Democratic opponent, Hillary Clinton.
This time, more than helping one political party over another, “this activity is most fundamentally focused on disrupting democracy,” Brad Smith, Microsoft’s president and chief legal officer, said in an interview this week.
Smith said there is no sign the hackers were successful in persuading anyone to click on the fake websites, which could have exposed a target victim to computer infiltration, hidden surveillance and data theft. Both conservative think tanks said they have tried to be vigilant about “spear-phishing” email attacks because their global pro-democracy work has frequently drawn the ire of authoritarian governments.
“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”
The International Republican Institute is led by a board that includes six Republican senators, and one prominent Russia critic and Senate hopeful, Mitt Romney, who is running for a Utah seat this fall.
Microsoft calls the hacking group Strontium; others call it Fancy Bear or APT28. An indictment from US special counsel Robert Mueller has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“We have no doubt in our minds” who is responsible, Smith said.
Microsoft has waged a legal battle with Strontium since suing it in a Virginia federal court in summer 2016. The company obtained court approval last year allowing it to seize certain fake domains created by the group. It has so far used the courts to shut down 84 fake websites created by the group, including the most recent six announced Tuesday.
Microsoft has argued in court that by setting up fake but realistic-looking domains, the hackers were misusing Microsoft trademarks and services to hack into targeted computer networks, install malware and steal sensitive emails and other data.
Smith also announced Tuesday that the company is offering free cybersecurity protection to all US political candidates, campaigns and other political organizations, at least so long as they’re already using Microsoft’s Office 365 productivity software. Facebook and Google have also promoted similar tools to combat campaign interference.
Microsoft uncovers more Russian attacks ahead of midterms
Microsoft uncovers more Russian attacks ahead of midterms
- The hacking attempts mirror similar Russian attacks ahead of the 2016 election
- The company is offering free cybersecurity protection to all US political candidates, campaigns and other political organizations
26 Doctors without Borders workers remain unaccounted for in South Sudan a month after attacks
- A hospital in the town of Lankien was bombed by government forces, MSF said
- “We have lost contact with them amid ongoing insecurity”
NAIROBI: More than two dozen Doctors Without Borders workers remain unaccounted for a month after attacks in South Sudan, the medical charity said.
Two facilities belonging to the group, known by French acronym MSF, were attacked on Feb. 3 in Jonglei State, northeast of the capital, Juba, where violence has displaced an estimated 280,000 people since December.
A hospital in the town of Lankien was bombed by government forces, MSF said, while another medical facility in the town of Pieri was raided by “unknown assailants.” Both were located in opposition-held areas.
Staff working at the two facilities fled alongside much of the local population into deeply rural areas where armed clashes and aerial bombardments were ongoing.
MSF said in a statement on Monday that “26 of 291 of our colleagues working in Lankien and Pieri remain unaccounted for.
“We have lost contact with them amid ongoing insecurity,” it said.
The lack of communication with its staff could be linked to the limited network connectivity in much of the state. Staff members who had been contacted described “destruction, violence and extreme hardships.”
Fighting escalated sharply in December, when opposition forces captured a string of government outposts in north central Jonglei. In January, the government responded with a counteroffensive that recaptured most of the area it had lost.
Displaced people in Akobo, an opposition-held town near the Ethiopian border, described horrific violence by government fighters. Many described not being able to find food or water as they walked for days to reach safety.
The attacks on MSF facilities in Lankien and Pieri are part of an uptick in violence on humanitarian staff, supplies and infrastructure, aid groups say. MSF facilities have been attacked 10 times in the last 12 months.
“This violence has taken an unbearable toll not only on health care services, but on the very people who kept them running,” said Yashovardhan, MSF head of mission in South Sudan, who only uses one name.
“Medical workers must never be targets,” he said. “We are deeply concerned about what has happened to our colleagues and the communities we serve.”
