Microsoft Detects Phishing Sites That Mimic Republican Groups

Microsoft recently announced that it sabotaged attempts by Russian hackers to interfere in the US elections. The IT giant said that it used a court order to disable six domains created by a cyber espionage group linked with the Russian government that goes by the names of APT28, Fancy Bear or Strontium. The group is widely believed to have interfered with the 2016 presidential election.

Microsoft president Brad Smith broke the news in a blog post where he stated that Microsoft’s Digital Crimes Unit took control of my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email, and office365-onedrive.com.

Microsoft said there was no evidence to suggest that the domains had been successfully used in any attack. But the naming indicates that they could have been used to launch phishing attacks against political targets. Two of them in particular, my-iri.org and hudsonorg-my-sharepoint.com, could have been used to impersonate two conservative think tanks, in the same manner as the attack that exploited the account of Clinton campaign chairman John Podesta.

Smith also said that “this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”

Microsoft has announced that its Defending Democracy Program will expand to include AccountGuard, a free security service designed to help highly targeted customers in the political space protect themselves from cybersecurity threats.

AccountGuard offers best practices and security guidance specific to those in the political space, access to cybersecurity webinars and workshops, as well as a unified threat detection and notification system.

A few weeks earlier, Microsoft had also announced that it had detected that Russian hackers were targeting multiple 2018 campaigns.