Russian Political Hack Halted By Microsoft


Attack by the ‘Fancy Bear’ hacking group to steal data from American think tanks foiled by Redmond boffins

Microsoft has claimed victory after it said it thwarted a cyber attack by a hacking group linked to the Russian military intelligence agency, the GRU.

Microsoft said it was taking steps against threats to democracy because “foreign entities are launching cyber strikes to disrupt elections and sow discord.”

Redmond said it had foiled a cyber attack targeting US conservative groups, including the International Republican Institute and the Hudson Institute think tanks. It did so by gaining control, through the courts, of six internet domains that spoofed the organisations’ websites.

Fancy Bear

Microsoft attributed the attack to the Fancy Bear hacking group, which is closely linked to the GRU.

Fancy Bear is also tracked as ‘Strontium’ (Microsoft’s own name for the group) and ‘APT28’, and the group appears to be ramping up its cyber attacks in the build-up to the November mid-term elections.

In January this year Trend Micro said that the Fancy Bear hacking group had attacked a number of political targets in 2017, including the US Senate and organisations linked to the Olympic Games.

Microsoft said that its Digital Crimes Unit (DCU) had successfully executed a court order to disrupt and transfer control of six internet domains created by the group.

The domains had been designed by the Russian hackers to mimic the web pages of the International Republican Institute and the Hudson Institute. Targets who followed links to the fake sites were asked to enter their usernames and passwords, handing those credentials straight to the attackers.

“We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group,” blogged Microsoft vice president Brad Smith. “Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week’s order fit this description.”
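The attack described above rests on registering domains that carry a target organisation’s name, then sending victims links to a credential-harvesting page hosted there. The following is an added example of the kind of heuristic a defender can run over newly registered domains or a passive-DNS feed to catch such look-alikes; it is not Microsoft’s tooling or code from the article. The legitimate domains (`iri.org`, `hudson.org`) are assumed for the two think tanks named, and every candidate domain in `SAMPLE` is constructed for illustration, not taken from the court order.

```python
"""Flag look-alike domains that spoof a set of legitimate sites.

Added example, not Microsoft's tooling. The legitimate domains are assumed
and the candidate list is constructed for illustration.
"""
from __future__ import annotations
import re

# Assumed legitimate domains for the two think tanks named in the article.
LEGIT = {"iri.org": "International Republican Institute",
         "hudson.org": "Hudson Institute"}

# Vocabulary that commonly appears in credential-harvesting hostnames.
PHISH_WORDS = ("login", "signin", "sharepoint", "office365", "onedrive",
               "adfs", "sso", "webmail", "secure")

# Substitutions attackers use so a label survives a quick glance.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def registrable(domain: str) -> str:
    """Crude eTLD+1: the last two labels. Fine for .org/.com; a production
    check should use the Public Suffix List to handle co.uk-style suffixes."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold_homoglyphs(label: str) -> str:
    """Map digit/digraph look-alikes back to the letters they imitate."""
    for glyph, plain in HOMOGLYPHS.items():
        label = label.replace(glyph, plain)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; labels are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str) -> list[str]:
    """Return the reasons a candidate looks like an impersonation ([] if none)."""
    cand = candidate.lower().rstrip(".")
    if cand.startswith("www."):
        cand = cand[4:]
    if registrable(cand) in LEGIT:
        return []  # the real site, or a genuine subdomain of it
    reasons: list[str] = []
    cand_sld = registrable(cand).split(".")[0]
    labels = re.split(r"[.\-_]", cand)
    for legit in LEGIT:
        brand = legit.split(".")[0]
        # 1. Brand name used in a domain the organisation does not own.
        #    Short brands must match a whole label so 'iri' does not hit 'spirit'.
        if brand in labels or (len(brand) >= 5 and brand in cand_sld):
            reasons.append(f"contains brand '{brand}' outside {legit}")
        # 2. Typo- or homoglyph-squat of the second-level label.
        elif levenshtein(fold_homoglyphs(cand_sld), brand) <= 1:
            reasons.append(f"second-level label within 1 edit of '{brand}'")
    # 3. Phishing vocabulary only raises severity once a brand is spoofed.
    if reasons:
        hits = [w for w in PHISH_WORDS if w in cand]
        if hits:
            reasons.append("credential-phishing keywords: " + ", ".join(hits))
    return reasons


def scan(candidates: list[str]) -> dict[str, list[str]]:
    """Run classify() over a feed and keep only the flagged names."""
    return {c: r for c in candidates if (r := classify(c))}


# Constructed candidate feed (none of these are the domains in the court order).
SAMPLE = [
    "hudson.org",                # legitimate
    "mail.hudson.org",           # legitimate subdomain
    "hudsonorg-sharepoint.com",  # brand plus SharePoint bait
    "iri-login.net",             # brand plus login bait
    "hud5on.org",                # homoglyph squat
    "adfs-iri.services",         # brand plus ADFS bait
    "example.com",               # unrelated
    "spirit.com",                # contains 'iri' but is not an impersonation
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(f"{name}: " + "; ".join(why))
```

Two caveats worth keeping in mind: the two-label `registrable()` is deliberately naive and will misjudge country-code suffixes, and substring brand matching will always need a whitelist of domains the organisation genuinely owns (regional sites, vendor-hosted portals) before alerts go to anyone.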

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” wrote Smith, and he pointed out a new service Microsoft is offering American political entities.

“That’s why today we are expanding Microsoft’s Defending Democracy Program with a new initiative called Microsoft AccountGuard,” wrote Smith. “This initiative will provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organisations we now believe are under attack. The technology is free of charge to candidates, campaigns and related political institutions using Office 365.”

Microsoft said that it had notified both non-profit organisations and will continue to work closely with them and other targeted organisations on countering cybersecurity threats to their systems.

Redmond also said that it is monitoring and addressing domain activity with Senate IT staff, following prior attacks on the staffs of two current senators.

Asynchronous warfare

At least one security expert has warned that the world continues to underestimate the threat posed by cyber attacks from foreign powers.

“We are in a situation of asynchronous warfare. Foreign powers are using the cyber theatre to undermine confidence in political and economic models,” said Andy Norton, director of threat intelligence at Lastline.

“Security that is proportionate to the level of risk is called for by best practice,” said Norton. “However, we perpetually underestimate the risk and the impact a cyber intrusion has, not only on the victim, but in the broader level of confidence in systems in general.”

“A response is required to recognise the strategies of asynchronous warfare and an elevation of our security preparedness is necessary,” said Norton. “An ‘abundance of caution’ should be the cultural foundation for all cyber security operations going forward to be built upon. The methods of attack are known to us, yet we fail to deploy the correct technology, processes and people to counter intrusion attempts.”

Russian attacks

Norton is not alone in these sentiments. Earlier this year US Army General Curtis Scaparrotti, NATO’s Supreme Allied Commander Europe, told a US Senate Armed Services Committee hearing that the United States was not effectively combating Russia’s cyber threats.

He said that the US government lacked a unified approach to dealing with the Russian cyber threat.

This is despite the fact that US officials and US intelligence agencies have repeatedly warned that Russia is seeking to interfere in the 2018 mid-term US elections, either via social media (to spread fake news, misleading reports or propaganda) or plain old hacking attacks.

The Fancy Bear group is best known for hacking the Democratic National Committee (DNC) and releasing sensitive documents, including internal emails, ahead of the 2016 US presidential election.
