Microsoft stops Kremlin-based hackers

Microsoft announced parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks were thwarted. CNN's Frederik Pleitgen reports.

Posted: Aug 21, 2018 7:11 PM
Updated: Aug 21, 2018 7:11 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of its company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts and focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes on the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

"This apparent spearphishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights," Daniel Twining, IRI's president, said in a statement Tuesday morning. "It is clearly designed to sow confusion, conflict and fear among those who criticize (Russian President Vladimir Putin's) authoritarian regime."

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

But the President's own Director of National Intelligence, Dan Coats, delivered a speech at the Hudson Institute last month, in which he called Russia "the most aggressive foreign actor" participating in efforts to undermine American democracy.

Also last month, the Justice Department announced indictments against 12 members of the GRU, as part of Mueller's investigation, for allegedly disseminating information it had stolen from the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The indictment laid bare how two units of the GRU had been allegedly responsible for the intrusions, putting names to a group that had only been known under monikers like Fancy Bear and APT28.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.

Minnesota Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 43742

Reported Deaths: 1558
CountyConfirmedDeaths
Hennepin13948793
Ramsey5397238
Dakota285297
Stearns257519
Anoka2510115
Nobles16986
Washington134441
Olmsted133620
Mower9942
Scott9534
Rice8988
Clay63238
Blue Earth6292
Kandiyohi6001
Wright5645
Carver5182
Todd4052
Sherburne3755
Lyon3642
Freeborn3160
Watonwan2730
Steele2661
Benton2503
St. Louis24916
Nicollet21513
Martin1805
Winona15615
Goodhue1468
Cottonwood1440
Le Sueur1421
Otter Tail1231
Crow Wing11912
Pine1150
Chisago1131
Dodge1050
McLeod1020
Pipestone975
Carlton960
Unassigned9440
Polk903
Isanti860
Murray860
Chippewa841
Douglas830
Waseca820
Itasca7912
Morrison701
Becker690
Meeker671
Faribault640
Beltrami620
Jackson590
Sibley592
Pennington550
Brown532
Wabasha460
Mille Lacs412
Swift391
Fillmore380
Renville373
Rock350
Yellow Medicine340
Lincoln330
Houston320
Grant311
Roseau290
Koochiching261
Redwood250
Wilkin233
Cass222
Norman210
Pope190
Big Stone180
Kanabec181
Wadena180
Aitkin170
Marshall170
Clearwater140
Mahnomen131
Hubbard120
Stevens110
Lake100
Traverse80
Lac qui Parle60
Red Lake50
Kittson20
Cook10
Lake of the Woods00

Iowa Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 36437

Reported Deaths: 776
CountyConfirmedDeaths
Polk7803188
Woodbury338645
Black Hawk257660
Buena Vista174112
Johnson15438
Linn145684
Dallas145133
Scott117410
Marshall112519
Dubuque105423
Story8978
Pottawattamie85913
Wapello71731
Muscatine70945
Crawford6823
Sioux5190
Tama49329
Webster4485
Wright4081
Jasper37517
Louisa36813
Plymouth3645
Cerro Gordo3569
Warren3481
Dickinson3123
Washington2559
Hamilton2071
Boone1741
Clay1521
Clinton1471
Clarke1463
Allamakee1384
Mahaska12417
Shelby1240
Bremer1227
Carroll1211
Franklin1170
Poweshiek1148
Pocahontas1091
Des Moines1052
Emmet990
Cedar971
Hardin950
Henry943
Cherokee871
Marion870
Guthrie844
Floyd832
Benton811
Taylor810
Jones801
Monona780
Butler742
Jackson740
Osceola700
Sac690
Hancock672
Buchanan661
Calhoun662
Lyon650
Harrison640
Jefferson640
Iowa631
Fayette620
Humboldt621
Madison612
Kossuth580
Delaware571
Palo Alto550
Lee542
Mills540
Monroe547
Winneshiek532
Clayton513
Mitchell510
Grundy500
Union501
Winnebago490
Davis431
Unassigned390
Howard370
Lucas354
Chickasaw340
Greene310
Appanoose303
Worth300
Cass290
Ida240
Keokuk231
Page220
Van Buren211
Adair170
Audubon171
Montgomery172
Ringgold161
Decatur140
Fremont110
Wayne111
Adams80
Rochester
Clear
76° wxIcon
Hi: 80° Lo: 65°
Feels Like: 76°
Mason City
Clear
76° wxIcon
Hi: 83° Lo: 65°
Feels Like: 76°
Albert Lea
Clear
77° wxIcon
Hi: 82° Lo: 67°
Feels Like: 79°
Austin
75° wxIcon
Hi: 82° Lo: 65°
Feels Like: 75°
Charles City
Clear
73° wxIcon
Hi: 82° Lo: 64°
Feels Like: 73°
Clouds continue to clear as a warming trend heads our way
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Dave's Noon Weather 7/16

Image

City of Rochester working to distribute CARES Act Funding

Image

Virtual Vendors struggling with online sales

Image

Dave's 6:30 Weather 7/16

Image

The Landing MN Seeking Volunteers

Image

Finding the positives in delayed NJCAA fall sports season

Image

Day Center and RPL Updates

Image

Travel heads up. You might have to quarantine when you get there

Image

Sean's 10pm Weather 7/15

Image

Sustainable Building with Mass Timber

Community Events