
Microsoft stops Kremlin-based hackers

Microsoft announced parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks were thwarted. CNN's Frederik Pleitgen reports.

Posted: Aug 21, 2018 7:11 PM
Updated: Aug 21, 2018 7:11 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of the company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts, focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

"This apparent spearphishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights," Daniel Twining, IRI's president, said in a statement Tuesday morning. "It is clearly designed to sow confusion, conflict and fear among those who criticize (Russian President Vladimir Putin's) authoritarian regime."

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

But the President's own Director of National Intelligence, Dan Coats, delivered a speech at the Hudson Institute last month, in which he called Russia "the most aggressive foreign actor" participating in efforts to undermine American democracy.

Also last month, the Justice Department announced indictments against 12 members of the GRU, as part of Mueller's investigation, for allegedly disseminating information it had stolen from the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The indictment laid bare how two units of the GRU had been allegedly responsible for the intrusions, putting names to a group that had only been known under monikers like Fancy Bear and APT28.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.
