Microsoft Fends Off Spearphishing Attack Targeting U.S. Senate

The tech giant said its digital crimes unit executed a court order to “disrupt and transfer control of six Internet domains created by a group widely associated with the Russian government.”

by Eric Garcia, CQ-Roll Call / August 21, 2018
Shutterstock

(TNS) — WASHINGTON — Microsoft announced late Monday that it thwarted a spearphishing attack against the U.S. Senate by a group affiliated with Russian intelligence.

In a statement, the tech giant said its digital crimes unit “executed a court order to disrupt and transfer control of six Internet domains created by a group widely associated with the Russian government.”

The group is known as Strontium, Fancy Bear and APT28 and was also recently named in an indictment from the investigation into Russian interference in elections by Special Counsel Robert S. Mueller III, NBC News reported.

Microsoft said the transfer control showed Strontium targeted the U.S. Senate but wasn’t specific about which offices were targeted.

Strontium also appeared to target conservative think tanks the Hudson Institute and the International Republican Institute.

Hackers used domains similar to those of the institutions in an apparent attempt to get access to information like passwords and other data, Microsoft said.

The International Republican Institute’s board of directors includes hawkish Republican Sens. John McCain, Tom Cotton, Joni Ernst, Lindsey Graham, Marco Rubio and Dan Sullivan, who is chairman.

Former Sens. Kelly Ayotte and Mark S. Kirk, former Republican presidential nominee and and Utah Senate candidate Mitt Romney, and former national security adviser Gen. H.R. McMaster, are also board members.

“To be clear, we currently have no evidence these domains were used in any successful attacks before (Microsoft’s Digital Crimes Unit) transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” the statement said.

Microsoft said it informed the two think tanks, both responded quickly.

Missouri Democratic Sen. Clair McCaskill announced last month that one of her staffers had been the target of a Russian phishing attack that was unsuccessful. A similar operation in 2016 was successful in accessing the files of Hillary Clinton presidential campaign chairman John Podesta.

“Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,” Microsoft said in its statement, which was written on a blog on its website by its president Brad Smith.

©2018 CQ-Roll Call, Inc., All Rights Reserved Distributed by Tribune Content Agency, LLC.