
Microsoft Thwarts Russian Hacking Attempt on U.S. Elections

Microsoft has successfully disrupted a hacking campaign aimed at U.S. midterm elections. 

Microsoft CEO Satya Nadella. Credit: Microsoft

The group behind the attempted hack, known as APT28, Strontium or Fancy Bear, has previously been linked to numerous cybercrime campaigns, including the hack of the Democratic National Committee prior to the 2016 U.S. elections. It is associated with the Russian military intelligence service, the GRU.

The group was attempting "watering hole" attacks. Essentially, hackers who seek to compromise a specific user or group of users seed malware into a website those users might visit. The malware can grant the hackers access to its victim's computer or network. 

Last week, Microsoft's Digital Crimes Unit "successfully executed a court order to disrupt and transfer control of six internet domains" belonging to the group, Microsoft president Brad Smith wrote in a blog post. They included such innocuous-looking domains as senate.group and office365-onedrive.com. The pages were dressed up to imitate the web pages of political and governmental organizations, including the International Republican Institute, the Hudson Institute, and the U.S. Senate -- but were actually malicious "watering holes."

Microsoft says it was able to take over these infected websites before they were used in any attacks. The company claims it has now taken over 84 domains from the APT28 group. 

"We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections," Smith wrote. "In the face of this continuing activity, we must work on the assumption that these attacks will broaden further. An effective response will require even more work to bring people and expertise together from across governments, political parties, campaigns and the tech sector."

Tom's Guide has reached out to Microsoft for further comment. 

The action was part of Microsoft's Defending Democracy initiative, which was launched in April to protect political campaigns from hacks. While the program's intentions and goals have been vague thus far, it has provided free cybersecurity-training sessions to the Democratic and Republican national committees.

Microsoft timed this announcement to the release of its AccountGuard Initiative, another component of this program. The service will help enrolled political entities secure their networks and email systems, and grant them early access to new security features.