Microsoft says it stopped Russian hackers hitting US conservative group sites


Microsoft recently said that it had prevented hackers with ties to the Russian government from trying to steal user data from conservative groups promoting democracy and advocating for cybersecurity.

Reuters reports that Microsoft’s Digital Crimes Unit (DCU) disrupted and transferred control of six internet domains that were created by the Strontium group. Some might be more familiar with this group’s other aliases – Fancy Bear or APT28.

That’s the same group that targeted Windows users in November 2016, and that was accused of attacking the German government.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft said.

The group created URLs and websites that look almost identical to three US Senate websites. They also created lookalikes of Office 365 sites, as well as of the sites of the International Republican Institute and the Hudson Institute. This type of attack is known as ‘spear phishing’, where hackers trick victims into trying to log into a fake website, effectively giving away their credentials.

Microsoft also added that it’s not sure if these websites have been successfully used or not.

“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” Microsoft said on the blog.
