Microsoft has spotted a new hacking campaign targeting 2018 midterm elections, the experts attributed the attacks to Russia-linked APT28 group.
Microsoft has spotted a new hacking campaign targeting 2018 midterm elections.
The tech giant attributed to Russia-linked APT28 a series of cyber attacks aimed at Members of United States’ Senate, conservative organizations and think tanks.
According to Microsoft, the Russian cyberspies created at least six fake websites related to US Senate and conservative organizations to infect the visitors’ systems.
The remaining websites were designed to mimic two U.S. conservative think tanks:
- The Hudson Institute — a conservative Washington think tank.
- The International Republican Institute (IRI) — a nonprofit group that promotes democracy worldwide and whose board includes prominent Republican figures like Sen. John McCain.
The fake sites were created over the past several months, hackers registered them with major web-hosting companies.
Microsoft did not provide further details on the attacks.
In July, speaking at the Aspen Security Forum, Microsoft VP Tom Burt announced that the tech company uncovered and stopped attempts to launch spear-phishing attacks on three 2018 congressional candidates.
Microsoft blamed the Russian APT28 group for the attacks.
We “discovered that the [fake domains] were being registered by an activity group that at Microsoft we call Strontium…that’s known as Fancy Bear or APT 28,” Burt explained.
“The consensus of the threat intelligence community right now is [that] we do not see the same level of activity by the Russian activity groups leading into the mid-year elections that we could see when we look back at them at that 2016 elections,”
The discovery made by Microsoft is part of the Microsoft’s Defending Democracy Program launched in April that is focused on four priorities: protecting campaigns from hacking, protecting voting and the electoral process, increasing political advertising transparency, and defending against disinformation campaigns.
Microsoft announced also its initiative AccountGuard that provides the following services to organizational and personal email accounts:
- Threat notification across accounts. The Microsoft Threat Intelligence Center will enable Microsoft to detect and provide notification of attacks in a unified way across both organizational and personal email systems. For political campaigns and other eligible organizations, when an attack is identified, this will provide a more comprehensive view of attacks against campaign staff. When verifiable threats are detected, Microsoft will provide personal and expedited recommendations to campaigns and campaign staff to secure their systems.
- Security guidance and ongoing education. Officials, campaigns and related political organizations will receive guidance to help make their networks and email systems more secure. This can include applying multi-factor authentication, installing the latest security updates and guidance for setting up systems that ensure only those people who need data and documents can access them. AccountGuard will provide updated briefings and training to address evolving cyberattack trends.
- Early adopter opportunities. Microsoft will provide preview releases of new security features on a par with the services offered to our large corporate and government account customers.
The post Microsoft says Russian hackers continue targeting 2018 midterm elections appeared first on Security Affairs.