Microsoft reportedly blocks hacking attempts made by Russia

Microsoft said it detected, and helped the US government block, Russian hacking attempts against at least three congressional candidates running in this year's midterm elections, a Microsoft executive revealed speaking at the Aspen Security Forum today.

The company declined to name the targets but said the three candidates were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”

According to the company, the Russian hackers targeted the candidates’ staffers with phishing emails that redirected them to a fake Microsoft website in an attempt to steal their credentials.

“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” said Tom Burt, Microsoft’s vice president for customer security.

“And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”

Immediately after learning of this incident, Microsoft took down the fake domain and worked with the government to “avoid anybody being infected by that particular attack.”

The company also ensured that none of the targeted campaign staffers were infected by the attack.
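The attack described above, a fake Microsoft domain used as a phishing landing page, is the kind of thing a defender can look for in DNS or proxy logs before users reach the site. The following is an added example, not Microsoft's tooling and not code from this report: a small Python detector that flags queries for lookalike domains (homoglyph substitution such as a zero for an "o", a brand name embedded as a label inside a foreign domain, and single-character typos) over constructed resolver log lines. The protected-domain list, the log line format and every domain name in the sample are assumptions made for the example.

```python
from __future__ import annotations

import re
from typing import Iterable, Optional

# Brand domains to protect. Constructed list for this example; a real
# deployment would load the organisation's own list.
PROTECTED_DOMAINS = ["microsoft.com", "live.com", "office.com"]

# Frequently abused character substitutions, mapped back to the character
# they imitate so that "micr0soft" compares equal to "microsoft".
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

# Constructed DNS resolver log lines (not real traffic) used as sample input.
SAMPLE_DNS_LOG = """\
2018-07-19T14:02:11Z client=10.0.0.12 query=login.microsoft.com type=A
2018-07-19T14:02:15Z client=10.0.0.12 query=login.micr0soft.com type=A
2018-07-19T14:03:40Z client=10.0.0.31 query=microsoft.com.account-verify.example type=A
2018-07-19T14:04:02Z client=10.0.0.31 query=delivery.example type=A
2018-07-19T14:05:10Z client=10.0.0.44 query=rnicrosoft.com type=A
"""

LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def normalize(label: str) -> str:
    """Undo common homoglyph substitutions before comparing labels."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; each substitution, insertion or deletion costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Adequate for .com-style names;
    a production tool would consult the Public Suffix List instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(host: str) -> tuple[str, Optional[str]]:
    """Return ("legit" | "lookalike" | "unrelated", matched brand domain)."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in PROTECTED_DOMAINS:           # real subdomain of a protected brand
        return "legit", reg
    reg_label = reg.split(".")[0]
    for brand in PROTECTED_DOMAINS:
        brand_label = brand.split(".")[0]
        # 1. Brand name used as a whole label inside a foreign domain,
        #    e.g. microsoft.com.account-verify.example
        if re.search(rf"(^|[.-]){re.escape(brand_label)}([.-]|$)", host):
            return "lookalike", brand
        # 2. Homoglyph substitution in the registrable label (micr0soft, rnicrosoft)
        if normalize(reg_label) == brand_label:
            return "lookalike", brand
        # 3. One-character typo; only for long brand labels to limit false positives
        if len(brand_label) >= 6 and levenshtein(reg_label, brand_label) == 1:
            return "lookalike", brand
    return "unrelated", None


def scan_dns_log(lines: Iterable[str]) -> list[dict]:
    """Return one finding per query to a lookalike domain."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict, brand = classify(m["query"])
        if verdict == "lookalike":
            findings.append({"client": m["client"], "query": m["query"], "imitates": brand})
    return findings


if __name__ == "__main__":
    for f in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{f['client']} queried {f['query']} (imitates {f['imitates']})")
```

The three heuristics are deliberately conservative: the embedded-brand check requires the brand to be a whole label, so ordinary names such as delivery.example are not flagged, and the typo check is restricted to brand labels of six or more characters, since short brands produce too many one-edit neighbours.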

Burt specified that the hacking attempts were conducted by a Russian hacking group, though so far the group has been less active than it was during the 2016 U.S. presidential election.

“In other words,” Microsoft outside counsel Sten Jenson explained in a court filing last year, “any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server.”

Historically, Fancy Bear has mostly targeted Windows with its malware, and has leaned heavily on Microsoft products when choosing domain names—thus giving Microsoft standing in the lawsuit. On Friday, after months of litigation and thousands of pages of filings, a judge in Alexandria, Virginia, is scheduled to hear Microsoft’s motion for a final default judgment and permanent injunction against Fancy Bear.

Microsoft “discovered that these [fake domains] were being registered by an activity group that at Microsoft we call Strontium…that’s known as Fancy Bear or APT 28,” Burt said.

“The consensus of the threat intelligence community right now is [that] we do not see the same level of activity by the Russian activity groups leading into the mid-year elections that we could see when we look back at them at that 2016 elections,” he added.

For instance, Burt said the hackers are not infiltrating think tanks and targeting academic experts as they did during the 2016 presidential election.

However, Burt warned, “That does not mean we’re not going to see it; there is a lot of time left before the election.”
