As the midterm elections approach and fears of outside influence increase, Microsoft said Tuesday it had shut down six websites that were created by the Russian Fancy Bear cybercrime gang, targeted members of the U.S. Senate and conservative think tanks, and were potentially intended to launch cyberattacks.
The tech giant petitioned a judge in the Eastern District of Virginia to take control of the sites, some of which used misleading domains such as “senate.group,” and “adfs-senate.email.”
Microsoft confirmed that the domains, which also included those meant to look like they were generated by the conservative think tank Hudson Institute and which could have been used for spearphishing, were linked to “the Russian government and known as Strontium, or alternatively Fancy Bear or APT28.”
It is not the first time that Microsoft has sounded the alarm about Russian interference. At the Aspen Security Summit in July, on the same day that GOP members of the House voted not to renew additional funding for election security, the company recounted its efforts to help the U.S. government fend off attempts by Russia to hack into the campaigns of three congressional candidates earlier this year.
Microsoft Vice President for Customer Security Tom Burt said the hackers keyed on candidates “who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint,” volleying phishing attacks at campaign staffers in hopes of luring them to a fake Microsoft domain and nicking their credentials.
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Burt told attendees at the Aspen Security Forum, adding that the metadata “suggested” the attacks were aimed at three midterm election hopefuls.