Microsoft’s Digital Crimes Unit says Russian hackers are broadening their scope leading up to the November election, and two conservative think tanks were recent targets.
Last week, the DCU obtained a court order to seize control of six fake websites appearing to mimic the domains of American institutions such as the International Republican Institute, the Hudson Institute and the U.S. Senate.
The International Republican Institute is an organization that promotes democracy, and its board includes big-name Republicans including former Gov. Mitt Romney (R-Mass.), Sen. John McCain (R-Ariz.), Sen. Lindsey Graham (R-S.C.) and Marco Rubio (R-Fl.).
The Hudson Institute is a think tank that also has international reach. Its analysts have been vocal in exposing Russian corruption, as well as the Kremlin’s interference in global markets and elections.
DCU president Brad Smith announced the discoveries in a blog post Monday evening, saying that his team has been in close contact with the Senate’s IT department, and will continue to monitor all affiliated domains.
Smith wrote that the DCU found no evidence the phony domains were used in any attacks prior to their seizure. But he does believe the hackers are ramping up activity prior to the U.S. midterm elections.
“We are now seeing another uptick in attacks. What is particular in this instance is the broadening of the type of websites they are going after,” he told The New York Times, adding “These are organizations that are informally tied to Republicans, so we see them broadening beyond the sites they have targeted in the past.”
The fake sites were created by a group called Stronium. Also known as Fancy Bear or APT28, Smith said Stronium is “widely associated with the Russian government.”
IRI president Daniel Twining addressed the attacks on Tuesday, telling The Washington Post, “This apparent spear-phishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights.
“It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin’s authoritarian regime.”
What did the Kremlin say?
Responding to the allegations, Kremlin spokesman Dmitry Peskov told reporters, “We don’t know what hackers they are talking about. We don’t understand what they mean and what the evidence is, what the conclusions are based on.”