A group affiliated with the Russian government has been found by Microsoft to have created at least six websites that appear to belong to legitimate entities like the U.S. Senate, as well as fake versions of some conservative sites, such as the Hudson Institute and the International Republican Institute, and even one that attempted to spoof Microsoft’s own products.
The goal? To trick people into coming to the sites in order to install malicious software on target computers (like those of political members), or fool people into giving up confidential information.
While the same kinds of attacks were used in 2016 to influence the outcome of the U.S. presidential election via spear phishing—which is used to steal confidential information—this time, it’s apparently an attempt to disrupt democracy and sow discord and hatred between our citizens.
“This activity is most fundamentally focused on disrupting democracy,” Brad Smith, Microsoft’s president and chief legal officer, said in an interview this week.
Known by various names around the world such as Strontium, Fancy Bear, and APT28, the group responsible is tied to the GRU, Russia’s primary military intelligence agency.
Immediately after discovering the fake websites with malware, Microsoft disabled the domains and pages; however, the company says the sites were not fully completed yet, so they did not affect anyone.
If they had, then emails, documents, contact lists, and even financial records could have been compromised.
“This apparent spear-phishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights,” said Daniel Twining, International Republican Institute’s president, who blamed Russian President Vladimir Putin.
“It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin’s authoritarian regime.”
Microsoft has disabled 84 similar websites since 2016 that were created by APT28, using a legal technique to transfer the domains where they were housed to its own servers. It has done the same to some other malicious sites and so-called “botnet” automated social media accounts since 2010.
“Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,” said Microsoft president and chief legal officer Brad Smith.