Microsoft Just Took Down Six Phishing Domains The Russian Government Was Using To Target US Politics

This particular’s the twelfth such takedown from the past two years, the company said.

Posted on August 21, 2018, at 12:00 a.m. ET

Microsoft says This particular has taken down six malicious websites targeting American politics which had been maintained by the same Russian military intelligence agency which hacked along with leaked Hillary Clinton’s emails during the 2016 election.

In an announcement published at midnight Tuesday, Microsoft said This particular convinced a court last week to seize six domains created by the GRU, Russia’s main foreign intelligence agency. Three of those sites mimicked the US Senate, one a generic Microsoft site, along with the some other two were made to look like the sites of Washington think tanks, Hudson Institute along with the International Republican Institute.

The news comes on the heels of Microsoft’s acknowledgments which This particular has interrupted previous attacks targeting the staffs of several congressional candidates. At least one US senator, Missouri Democrat Claire McCaskill, along with two defeated House candidates in California, David Min along with Hans Keirstead, have recently said they had been targeted.

This particular’s not uncommon for government-sponsored hackers to target lawmakers for the purposes of gathering intelligence. yet the GRU will be the only known government agency which not only regularly hacks politicians, yet also sometimes strategically releases what This particular finds. Clinton has blamed her 2016 presidential loss in part on her hacked emails, which were leaked to WikiLeaks along with regularly doled out to the public for weeks before the election. The GRU has also been accused of releasing emails via French President Emmanuel Macron’s campaign right before which country’s presidential election in 2017.

Political campaigns are a particularly ripe target for foreign hackers seeking to influence US elections. While the country’s elections systems are considered critical infrastructure, along with therefore receive particular attention via the Department of Homeland Security, individual campaigns are largely left to their own devices.

Foreign intelligence agencies also regularly target think tanks, as part of broader attacks on US political systems. In 2016, GRU hacked the think tank, the Bradley Foundation, along with doctored an invoice to make This particular appear which Clinton had received illegal campaign donations. The International Republican Institute, which was among the six sites targeted, counts several sitting senators on its board.

“A .ru email that has a suspicious email, we know to delete which immediately,” David Tell, head of public affairs at the Hudson Institute, told BuzzFeed News. “I got two of those myself last week.”

This particular’s unclear if the six GRU sites taken down by Microsoft were operational, or if they had successfully targeted any victims. The domains are believed to have been created recently.

Creating domain names to mimic politic targets will be a common GRU tactic. “Impersonating domains of their potential victims will be pretty standard tradecraft” for its hackers, said Toni Gidwani, director of research operations at ThreatConnect, which tracks foreign government hacker activity.

“This particular’s something researchers are continuing to see right now in 2018,” she said. “Even with all the attention to Russian attempts to interfere with the midterm elections, This particular’s still a valid attack pattern for threat actors.”

The takedown announced Tuesday will be the latest move in what has become a regular pattern for Microsoft. According to the company, This particular marks the 12th time since 2016 in which This particular has identified a group of websites This particular believed to be created for GRU hacking, along with convinced a court to This particular ownership of the sites, allowing Microsoft to study the domains before taking them down. The company said This particular has shut down 84 fake websites This particular way.

Leave a Reply

Your email address will not be published. Required fields are marked *


twenty − 16 =