The world’s biggest software company says Russian hackers created mimic websites belonging to the US Senate and the think tanks. Kremlin denies allegations.

Microsoft says it had no evidence that the hackers had succeeded in compromising any user credentials.
Microsoft says it had no evidence that the hackers had succeeded in compromising any user credentials. (Reuters)

Microsoft Corp said that hackers linked to Russia’s government sought to launch cyber attacks on the US Senate and conservative American think tanks, warning that Moscow is broadening attacks ahead of November’s congressional elections.

The world’s biggest software company said late on Monday that it last week took control of six web domains that hackers had created to mimic websites belonging to the Senate and the think tanks.

Such fake sites can be used by hackers to try and trick users into giving up their login details, which would then give the attackers access to confidential systems and files.

The domain takedowns are the latest in a string of actions by Microsoft to thwart what it says are hacking attempts by a Russian-backed hacking group known as APT28, or Fancy Bear. The company said it has shut down 84 fake websites in 12 court-approved actions over the past two years.

“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith said in a blog post.

Microsoft said it had no evidence that the hackers had succeeded in compromising any user credentials before it took control of the malicious sites or whether any data was stolen.

The Kremlin rejected the Microsoft allegations and said there was no evidence to support them.

“We don’t know what hackers they are talking about,” Kremlin spokesman Dmitry Peskov told reporters. “Who exactly are they talking about? We don’t understand what the proof and the basis is for them drawing these kind of conclusions. Such information (proof) is lacking.”

Moscow has repeatedly dismissed allegations that it has used hackers to influence US elections and political opinion.

On Tuesday, the US Treasury Department imposed new sanctions on two Russians, one Russian company and one Slovakian firm for what it said were their actions to help another Russian company avoid sanctions targeting Russia’s malicious cyber-related activities.

TRT World's Nick Harper has more details from New York.

"Run-of-the-mill spying"

The targets, Microsoft said, included the International Republican Institute, whose high-profile Republican board members include Senator John McCain of Arizona, who has criticised US President Donald Trump’s interactions with Russia and Moscow’s rights record.

The Hudson Institute, another target, has hosted discussions on topics including cyber security, according to Microsoft. It has also examined the global rise of kleptocracy, citing Russia as an example.

Other malicious domains were used to mimic legitimate sites used by the US Senate and Microsoft’s Office software suite, the company said.

Microsoft’s report came amid increasing tensions between Moscow and Washington over alleged election-meddling.

A US federal grand jury indicted 12 Russian intelligence officers in July on charges of hacking Democratic Party computer networks in an attempt to sway the 2016 US presidential election, and some US officials have said Moscow could try to interfere in the US midterm elections in November.

Three US intelligence officials, speaking on the condition of anonymity, said the Russian hacking into traditional Republican policy organisations is neither new nor confined to Russia. 

Others including China and Iran, have attempted to penetrate the websites and communications of political and other groups across what one of the officials described as “the entire political spectrum from far left to far right.”

One cybersecurity researcher said there was no evidence to link this latest activity directly election interference.

“APT28 has targeted political entities for around a decade, as have other actors, including other Russian actors. This activity today looks like run-of-the-mill spying. So far nothing special,” said Thomas Rid, professor of strategic studies at John Hopkins School of Advanced International Studies (SAIS).

“The interesting question is if stolen information surfaces publicly or not. For the moment I sit and wait. What’s interesting is not hacking and trolling, but leaking and forging.”

Microsoft said the internet has become an avenue for some governments to steal information, spread disinformation and potentially tamper with voting.

“We saw this during the United States general election in 2016, last May during the French presidential election, and now in a broadening way as Americans are preparing for the November midterm elections.”

Source: TRTWorld and agencies