Microsoft has said that the Russian group linked to the hacking of Hillary Clinton's presidential election campaign has been launching fresh attacks in the US, including against two conservative think tanks.
The hackers created fake websites which were similar to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.
Three other fake domains were designed to look as if they belonged to the Senate.
Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.
The same group was previously linked to the email hacking of the Democratic National Committee and the Clinton campaign. US special counsel Robert Mueller said that Fancy Bear has ties to the Russian intelligence agency, the GRU.
Microsoft claimed that the domains were posing as some of its company's services. The company also said that the domains were used to send emails to Senate staff to trick them into handing over information, like passwords.
Brad Smith, Microsoft’s president, said: “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
He said the company had shut down 84 fake websites associated with Fancy Bear over the past two years by obtaining court orders to transfer control of the domains, the Guardian reported. As to where responsibility for the hacking attacks lay, Smith said: “We have no doubt in our minds.”
According to the information shared by Microsoft, the fake websites were intended to mimic the company’s login pages for tools such as email, calendar and document sharing, with web addresses such as “hudsonorg-my-sharepoint.com” and “adfs-senate.email”. An inattentive user who was tricked by such a site may have entered their username and password, allowing an attacker to access their personal data remotely.
The revelation of the new attacks came just weeks after a similar Microsoft discovery led the senator Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.
The hacking attempts mirror similar Russian attacks before the 2016 presidential election, which US intelligence officials have said were focused on helping to get the Republican candidate, Donald Trump, into office by hurting Clinton, his Democratic opponent.
Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.