Russian hackers went after conservative US groups: Microsoft

Paul HANDLEY
1 / 3
"Democracies around the world are under attack": Microsoft President Brad Smith

Russian government hackers tried to hijack the websites of conservative US think tanks, Microsoft said Tuesday, raising fresh alarms over widening efforts by Moscow to sow discord in US politics.

The tech giant announced that it had shut down last week six fake internet domains that were set up by the notorious "Fancy Bear" hacking shop, controlled by the Russian armed forces' GRU intelligence agency, that mimicked the pages of two think tanks as well as the US Senate.

The fake, lookalike websites were aimed at diverting users from the real ones in order to siphon off email and passwords, Microsoft said.

It was a significant expansion of the "Fancy Bear" activities, which, since the 2016 presidential race, had targeted mainly candidates and their campaigns, political parties, and voting systems.

It came amid heightened concerns that Russians are attempting to meddle in the upcoming congressional elections in November, in which President Donald Trump's Republican Party's lock-hold on the legislature is under threat.

Cybersecurity consultants including Microsoft have already identified several attempts to penetrate individual candidates' campaigns.

"We're concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections," said Microsoft president Brad Smith in a blog post.

"It's clear that democracies around the world are under attack," he said.

- November polls -

The move came as US political institutions and government agencies have stepped up their defenses against hacking and social media manipulation after Russia's deep interference in the 2016 presidential election.

US intelligence chiefs said President Vladimir Putin presided over the effort by the GRU and another intelligence body, the Federal Security Service, the successor to the KGB, to break into computers of the Democratic Party and the campaign of Democrat Hillary Clinton, in an ultimately successful effort to damage her run for the White House.

In July, Russia meddling investigator Robert Mueller indicted 12 GRU agents over their hacking actions in the 2016 election.

Several Western European government, including Sweden, Germany, France and the Netherlands, have documented efforts by the same bodies to interfere in their politics in the past three years, sparking a broader effort to fight back.

Microsoft said one of the think tanks targeted by Fancy Bear, also known in cybersecurity circles as APT28, was the International Republican Institute, which promotes democratic principles and whose board includes Republican senator John McCain, a strong critic of Putin.

The other was the Hudson Institute, which supports keeping up economic and political pressure on Russia and strengthening NATO -- positions that leaves it generally at odds with US President Donald Trump.

Last month US Director of National Intelligence Dan Coats said in a talk at the Hudson Institute that, among cyber threats, "Russia has been the most aggressive foreign actor -– no question. And they continue their efforts to undermine our democracy."

The GRU hackers also set up fake internet domains that were purportedly for the US Senate, according to Microsoft.

- 84 fake sites closed in two years -

Microsoft obtained a court order to shut down the six websites. That took to 84 the number of fake sites set up by Fancy Bear that the company has taken down over the past two years, Smith said.

In the most recent case, Microsoft said it has no evidence the fake domains were used in any successful hacking attack, and that it did not know of any specific people who may have been GRU targets in the operation.

Experts said the aim was to go after anyone who opposes Putin.

"This is another demonstration of the fact that the Russians aren't really pursuing partisan attacks. They are pursuing attacks that they perceive in their own national self-interest," Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, told the New York Times.

The Kremlin dismissed the fresh allegations, with spokesman Dmitry Peskov saying he did not know "which hackers are being talked about, what influencing of elections."

"We do not understand what Russian military intelligence has to do with this. What are the basis of such serious accusations? They should not be raised without some foundation," he told journalists.