Following a court order, Microsoft has shut down 6 phishing domains run by cyber-espionage group Strontium/Fancy Bear/APT28 associated with the Russian government. The technology company has used the same approach to shut down 84 fake websites – by the same group, 12 times in 2 years it said in its blog post. The domains were posing as legitimate portals of the US Senate and two conservative US think-thanks.
The six domains that Microsoft took down were —
– adfs-senate.email and
Microsoft adds that “To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”
Pattern mirrors 2016 election activity: Microsoft
Microsoft expressed concern that the attacks were aimed across the political spectrum to target think-thanks, elected officials, and politicians. This, it noted, followed patterns it observed prior to the 2016 US Elections and the 2017 elections in France. Microsoft said that a federal court, which ordered the suspension, concluded that there is “good cause” to believe that Strontium is “likely to continue” its conduct. It assumes on the side of caution that the attacks may broaden further.
Russia denies attempted hacking efforts
Meanwhile, Russia has denied any knowledge of an attack on US political systems. “From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions”? Kremlin spokesman Dmitry Peskov told CNN. According to Reuters, an anonymous Russian diplomatic source told the news agency Interfax that “Microsoft is playing political games.” and that “the (mid-term US) elections have not happened yet, but there are already allegations.”
Russian and Iran-linked groups target Facebook and Twitter
Earlier this week, Facebook suspended 652 accounts, pages and groups for running a “coordinated disinformation” campaign on Facebook and Instagram targeting their global users in the US, UK, Middle East, and Latin America. Facebook said it carried out four separate investigations into the “coordinated inauthentic behavior” which revealed that two of them were related to Iran and one to Russian military intelligence services. It was unclear which the fourth one was related to.