Microsoft said to reveal new Russian hacking of conservative groups' sites

by Alice Woods

Microsoft announced that it has detected new Russian cyber-attacks ahead of the Mid-Term Elections.

New Russian Hacking against US Senate

Microsoft said to uncover new Russian hacks against the U.S. Senate

The tech company said on Tuesday that the Russia-based APT28 hacking group, also known as Fancy Bear, Strontium, Sofacy, Sednit, and Pawn Storm, has launched at least 6 fraudulent websites intended to look as if they belong to the U.S. Senate. The websites are closely related to conservative groups and aim to trick their visitors and hack into their machines. [1]

The following fake websites were uncovered and are registered with major hosting companies:

  1. my-iri.org
  2. hudsonorg-my-sharepoit.com
  3. senate.group
  4. adfs-senate.services
  5. adfs-senate.email
  6. office365-onedrive.com

As you can see, two of the websites were created to mimic two U.S. organizations:

  • The International Republican Institute[2] also known as IRI, which is a non-profit and nonpartisan organization promoting freedom and democracy worldwide.
  • The Hudson Institute[3] – a non-profit politically conservative think tank based in Washington DC.

It is worth mentioning that there is no sign that any visitors clicked on the fraudulent websites, which were launched over the last couple of months.

To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.

The tech giant did not disclose further details about the attack.

The fake websites were disabled last week by the Microsoft Digital Crimes Unit, after receiving court approval.

Not the first attack against US Senate performed by APT28

The hacking group has been active since at least 2007. APT28 has been linked to the General Staff Main Intelligence Directorate, also known as the GRU, the Russian secret military agency.

Microsoft has already taken down 84 websites created by the APT28 hacking group.

In addition, Microsoft Vice President Tom Burt announced that another fake domain, created by the same hacking group, was shut down due to its malicious activity. The fake domain registered by the APT28 hacking group was designed to perform phishing attacks against congressional candidates.

The notorious hacking group has also been accused of several infamous hacks against the US Senate over the past years, including the 2016 presidential election hack.

According to Microsoft, “APT28 sought to establish a command and control infrastructure by which means Defendants conduct illegal activities, including attacks on computers and networks, monitoring of the activities of users, and the theft of information.”

 

About the author

Alice Woods - Antivirus software analyst

Alice Woods is an anti-malware analyst at Reviewedbypro.com. She is passionate about testing new pieces of software and discovering pros and cons of each program.


References


