Microsoft Reports Russian Hackers Targeted 2018 US Elections Three Times

At the Aspen Security Forum, Microsoft specialists revealed that in 2018, they discovered and helped US authorities prevent cyberattacks targeting at least three Congressional candidates. The attacks are believed to have been carried out by Russian “government hackers.” It’s worth noting that in the fall of 2018, the US was set to hold elections for the Senate, House of Representatives, and several state governorships.

Microsoft representatives declined to name the specific targets but emphasized that all three candidates were individuals who could be of interest to spies due to their positions and the upcoming elections.

Details of the Attacks

Tom Burt, Microsoft’s Vice President, explained that the company’s experts discovered a fake domain designed to mimic a Microsoft resource, which was used for phishing attacks. Metadata found by the specialists indicated that the attacks were directed specifically at the three candidates and their campaign staff. Microsoft engineers assisted law enforcement in shutting down the domain and ensured that no one was harmed by the attempted attacks.

Links to Previous Russian Hacking Activity

Burt also reported that the activity detected by Microsoft resembled the actions of Russian “government hackers” and groups that targeted the 2016 presidential election. In particular, he noted that the domain in question was registered by the group known as Strontium, also called APT28, Fancy Bear, Pawn Storm, Sofacy, Sednit, Tsar Team, and other aliases. While the current level of hacker activity is lower than in 2016, Burt warned that the situation could worsen as the fall elections approach.