Microsoft Uncovers Increased Russian Cyber Attacks Before Mid-Term Elections

Microsoft Discovers New Russian Hacking Attempts Ahead of U.S. Midterm Elections

In a recent revelation, Microsoft announced the discovery of new hacking efforts attributed to the Russian hacking group APT28, also known as Strontium or Fancy Bear. These attempts, aimed at conservative think tanks and the U.S. Senate, surfaced amid heightened concerns surrounding the 2018 midterm elections.

The tech giant disclosed that APT28 has created at least six counterfeit websites mimicking U.S. Senate and right-leaning organizations. This disinformation campaign seeks to deceive visitors and potentially compromise their systems. Among the fraudulent domains, three were designed to resemble official U.S. Senate sites, while one imitated a Microsoft product page.

The two additional fake websites aimed to impersonate established conservative organizations: the Hudson Institute, which engages in critical discussions including cybersecurity, and the International Republican Institute (IRI), a nonprofit organization known for promoting democracy and featuring prominent Republican figures on its board.

Microsoft took proactive measures against the counterfeit sites and reported no indications that visitors had successfully interacted with them. The domains, registered with major web-hosting services over the past several months, were recently deactivated following legal intervention from Microsoft’s Digital Crimes Unit. This unit has shut down a total of 84 APT28-operated fake websites since 2016.

The potential tactics employed by APT28 align with several categories outlined in the MITRE ATT&CK framework. Initial access strategies might have included social engineering techniques, leveraging the fraudulent domains to lure individuals into clicking on malicious links. Persistence tactics could be inferred from the methodical registration and deployment of these counterfeit websites, aiming to maintain a foothold for future attacks.

In a recent discussion at the Aspen Security Forum, Microsoft’s VP Tom Burt confirmed the company’s actions against another fraudulent domain established for phishing attacks on congressional candidates. The ongoing vigilance against such threats is critical, especially considering the long history of cyber espionage by APT28, a group linked to the Russian military intelligence agency, the GRU.

The timing of Microsoft’s announcement is significant, following the recent indictment of twelve Russian intelligence officers by U.S. authorities for their involvement in the 2016 cyber attacks on the Democratic National Committee. This context underscores the persistent threats posed by foreign adversaries, making cybersecurity a top priority for organizations across the U.S.

As the landscape of cyber threats continues to evolve, remaining aware of emerging tactics and techniques aligned with the MITRE ATT&CK framework can be invaluable for businesses looking to bolster their defenses. The implications of these findings should serve as a reminder for organizations to continuously assess their cybersecurity posture, particularly in a politically charged environment.
