Microsoft uncovered a Russian operation spoofing U.S. political institutions

Microsoft discovered six websites that spoof U.S. political sites, with the apparent aim of phishing visitors. Microsoft disabled the websites, which appear to be created by a group associated with the Russian government, Monday night.

The sites were built by the hacking group APT28, according to Microsoft’s Digital Crimes Unit, which made the discovery. APT28 was also behind the malware used to infect the Democratic National Committee in 2016, and last year developed a Mac version of that malware. The six sites were created over the past few months, and seem to have been discovered just in time—since midterm elections are coming up this fall.

The Trump administration has admitted that it’s aware that Russia is trying to (again) interfere with our nation’s democratic process this year. In August, Director of National Intelligence Dan Coats said that Russian operatives were “looking for every opportunity, regardless of party” to disrupt the 2018 midterm elections.

On Monday, Microsoft announced that it would be doubling down its efforts to protect American democracy in a blog post. Including the six websites it recently shut down, the company’s Digital Crimes Unit has now shut down 84 fake websites created by the hacking group.

The spoofed U.S. political sites this time around included conservative Washington think tank the Hudson Institute, nonprofit democracy advocate the International Republican Institute, sites that tried to look like they were associated with the Senate, and a site that spoofed Microsoft’s digital products. The faux U.S. political sites that have since been taken down were: hudsonorg-my-sharepoint.com, my-iri.org, adfs-senate.services, adfs-senate.email, senate.group, and office365-onedrive.com.

“Broadening cyberthreats to both U.S. political parties make clear that the tech sector will need to do more to help protect the democratic process,” Microsoft president Brad Smith wrote. “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”

To do its part, Microsoft has developed AccountGuard, an initiative to offer free, state-of-the-art cybersecurity protection to local, state, and federal political candidates, as well as political organizations and think tanks. (Of course, to use AccountGuard individuals and organizations need to be Office 365 users.) AccounGuard will detect and notify users of potential attacks; offer security recommendations in the case an attack is detected; and offer guidance to help political organizations’ have more secure email and network systems.

When asked about Microsoft’s allegations against the Russian government-associated hacker group, Kremlin spokesman Dmitry Peskov told the Washington Post, “We don’t know what hackers they are talking about.”

H/T Washington Post

Christina Bonnington

Christina Bonnington

Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.