The Fancy Bear hacker group, which the cybersecurity firm CrowdStrike believes is associated with the Russian military intelligence agency (GRU) and which is also believed to be responsible for the 2016 Democratic National Committee hacks, was just caught red-handed once again.
This time, according to CNN, Microsoft found that the group was trying to use tactics similar to those it used against the DNC two years ago to attack US Senate candidates in the 2018 midterm elections. In a method called spear-phishing, the hackers used domain names similar to those owned by Microsoft. They then sought to trick their potential victims into thinking that these domains were actually Microsoft’s, convincing them to turn over personal information and passwords, which could later be used to compromise other accounts.
A federal judge in the Eastern District of Virginia worked with Microsoft to grant the company access to the domains, which appear to have been designed to trick US Senate staff. Examples of such domains are “senate.group” and “adfs-senate.email”.
Microsoft does not know if the domains were used successfully by the hackers or if any private information of campaigns or candidates fell into the hackers’ hands, but they do know that the group behind them was “associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28.”
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Microsoft President Brad Smith wrote.
Microsoft also believes that the hackers targeted conservative think tanks such as the Hudson Institute and the International Republican Institute.
With the midterm elections just over two and a half months away, this move by Microsoft and the US Government may have halted yet another attack on the US election system by Russia.