Russian hacking attempts are widening in scope, Microsoft warns
Hackers linked to the Russian government appear to be broadening their attacks in the run-up to November congressional elections, Microsoft said Monday, most recently by impersonating sites for conservative think tanks as well as the US Senate.
Hackers used fake domains to impersonate the Hudson Institute and the International Republican Institute as well as the US Senate in a hijacking campaign that could have allowed them to access personal data or implant malware. Such âspear-fishingâ cyber attacks are aimed at convincing victims to enter their user names and passwords on the fake sites, granting hackers access to their credentials.
âWeâre concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,â Microsoft President Brad Smith said in a statement published on the companyâs website.
He said the companyâs Digital Crimes Unit had executed a court order last week to transfer control of six fraudulent Internet domains from the Russian hacking collective known as Strontium (also known as Fancy Bear, APT28 and other names) to Microsoft. A federal judge in Virginia appointed a âspecial masterâ in 2016 to authorize Microsoft to seize control of fake sites.
Several Western intelligence agencies believe Strontium is run by Russiaâs GRU military intelligence agency, which consistently denies any links to the hackers.
â[W]e are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the politica l spectrum in the United States,â Smith said.
The Hudson Institute has held events on dismantling Russian international crime organizations and others critical of Russian foreign policy. In April 2016 theInternational Republican Institute launched the Beacon Project, a program it said was âaimed at countering the increasing threat of Russian soft power and propagandaâ by partnering with European political parties and think tanks.
Microsoft said it had shut down 84 fraudulent websites over the past two years.
The company is also making âstate-of-the-art cybersecurity protectionâ available for free to âall candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attackâ.
Smith said there was no evidence so far that hackers had succeeded in fooling anyone into clicking on the fraudulent sites. And with each new attempt, cyber attacks are becoming more recogn izable.
âTaken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,â he said.
US Special Counsel Robert Mueller â" who is investigating Russian attempts to influence the 2016 election, including through cyber attacks â" indicted 12 Russian intelligence officers in July for their alleged roles in hacking the Democratic National Committee and members of the Hillary Clinton campaign. Two GRU units are accused of stealing emails and documents as well as installing malware.
According to the indictment, they then disseminated âtens of thousandsâ of these stolen documents and emails using online personas including âDCLeaksâ and âGuccifer 2.0â.
After the US presidential election, cybersecurity companies discovered several websites created by Russian hackers to mimic those of well-known institutions, the New York Times reported. Among those targeted were the Cou ncil on Foreign Relations, the Eurasia Group, Transparency International in Berlin and the International Institute for Strategic Studies in London.
Facebook said last month it had deactivated 32 fake pages and accounts it suspected were part of a foreign interference campaign ahead of Novemberâs congressional elections.
âWe donât know what hackers they are talking about,â Kremlin spokesman Dmitry Peskov told reporters on Tuesday in response to the Microsoft announcement.
âWho exactly are they talking about? We donât understand what proof and what the basis is for them drawing these kind of conclusions."
A third of House candidates vulnerable
The new revelations come just weeks after Microsoft discovered that the computer network of Senator Claire McCaskill, a Missouri Democrat running for re-election, had been targeted unsuccessfully by Russian hackers.
Reuters reported last week that the FBI was investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate who lost a June primary for California's 45th Congressional district. The FBI is also investigating a cyber campaign against Hans Keirstead, another California Democrat who was defeated in a primary in the 48th Congressional district, Rolling Stone reported.
An independent study unveiled at the annual Def Con security conference in Las Vegas earlier this month found the websites of nearly one-third of candidates for the US House from both parties were vulnerable to attacks.
Joshua Franklin, a former National Institute for Standards and Technology security expert who led the team of four researchers, told Reuters they found potentially malicious web pages with URLs that closely resembled the candidates' names. Hackers use a practice known as "typo squatting" or "URL hijacking" â" in which they register domains to take advantage of typos in URLs â" to build fa ke sites used in phishing attacks.
The candidates most at risk are those with smaller campaigns and little expertise in cyber security, Franklin said.
But even seasoned political operatives like those on the Clinton campaign can fall prey to more sophisticated attacks.
In an interview with the New York Times published on Tuesday,Professor of Strategic Studies at Johns Hopkins University Thomas Rid said he had doubts about whether cyber security experts can stay one step ahead of the hackers.
âThese attacks keep happening because they work," Rid said. "They are successful again and again."
âMicrosoft is playing whack-a-mole here. These [fake] sites are easy to register and bring back up, and so they will keep doing so.â
Date created : 2018-08-21Source: Google News F rance | Netizen 24 France