World

Russian hackers target U.S. conservative think-tanks and Senate, Microsoft says

Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft says.

Company warns of security threats against groups linked to both political parties ahead of midterms

A man is silhouetted as he walks in front of a Microsoft logo at an event in New Delhi last November. Microsoft says it's uncovered new Russian hacking attempts targeting U.S. political groups ahead of the midterm elections. (Altaf Qadri/Associated Press)

Hackers linked to Russia's government tried to target the websites of two right-wing U.S. think-tanks, suggesting they were broadening their attacks in the build-up to November elections, Microsoft said.

The software giant said it had thwarted the attempts last week by taking control of sites that hackers had designed to mimic the pages of The International Republican Institute and The Hudson Institute. Users were redirected to fake pages where they were asked to enter usernames and passwords.

The Russian government denied the allegations on Tuesday.

"We don't know what hackers they are talking about," Kremlin spokesperson Dmitry Peskov told reporters on a conference call. "Who exactly are they talking about? We don't understand what the proof and the basis is for them drawing these kind of conclusions. Such information [proof] is lacking." 

It's about disrupting and diminishing any group that challenges how Putin's Russia is operating at home and around the world.- Eric Rosenbach, Defending Digital Democracy project

Officials in Moscow have regularly dismissed accusations that they have used hackers to influence elections and political opinion in the U.S. and other countries.

Casting such allegations as part of an anti-Russian campaign designed to justify new sanctions on Russia, it says it wants to improve, not worsen ties with Washington.

"We're concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections," Microsoft said in a blog post overnight.

The International Republican Institute has a roster of high-profile Republican board members, including Senator John McCain of Arizona who has criticized U.S. President Donald Trump's interactions with Russia, and Moscow's rights record.

Putin targeting critical groups

The Hudson Institute, another conservative group, has hosted discussions on topics including cybersecurity, according to Microsoft. It has also examined the rise of kleptocracy, especially in Russia and has been critical of the Russian government, the New York Times reported.

"They [the Russians] are pursuing attacks that they perceive in their own national self-interest," said Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, on Monday to the New York Times.

"It's about disrupting and diminishing any group that challenges how Putin's Russia is operating at home and around the world."

The report comes amid increasing cyber-tensions between Moscow and Washington ahead of the congressional votes in November.

A federal grand jury in the U.S. indicted 12 Russian intelligence officers earlier in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.

Special counsel Robert Mueller is investigating Russia's role in the 2016 election and whether Trump's campaign team colluded with Russians during the vote. Russia denies meddling in the elections while Trump has denied any collusion.

Fake Senate websites

Microsoft said its digital crimes unit (DCU) had acted on a court order to take control of six internet domains created by a group known variously as Strontium, Fancy Bear and APT28, which it said was associated with the Russian government.

As well as the two think-tanks, other home pages had been set up to mimic the websites of the U.S. Senate and Microsoft's own Office software suite, it added.

The type of attack is known as "spear fishing," in which the hackers trick victims to enter their user name and password into the fake site in order to steal their credentials.

"To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains," Microsoft said on the blog.

Facebook said late last month it had removed 32 pages and fake accounts from its platforms in a bid to combat foreign meddling ahead of November's U.S. congressional elections.

The company stopped short of identifying the source of the misinformation. But members of Congress who had been briefed by Facebook on the matter said the methodology of the influence campaign suggested Russian involvement.

With files from CBC News