Less than a week after the United States government charged 12 Russian officers for hacking in the 2016 presidential election, Microsoft is accusing the same Russian intelligence agency of using a phishing scheme to hack at least three additional candidates in the 2018 midterm election. Microsoft vice president for customer security and trust Tom Burt revealed the company’s findings at the Aspen Security Forum’s Defending Democratic Institutions: Election 2018 and Beyond panel.
“Earlier this year we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Burt said. “We saw metadata that suggested those phishing attacks were being directed at three candidates.” Details of the attack were not revealed, but phishing attacks usually involve hackers sending an email containing a malicious link that’s designed to install malware when it is activated. As part of its work with the United States government, Microsoft was able to seize the domain before it could inflict damage.
Microsoft also did not reveal the names of the affected candidates or their political party affiliations, but Burt noted that “because of their positions, [the candidates] might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint.” The company traced the hacks back to the Russian group Strontium, which is widely believed to be closely linked to Russia’s GRU military intelligence agency.
Burt’s announcement comes less than a week after U.S. Special Counsel Robert Mueller indicted 12 members of the GRU for their involvement in hacking the Democratic National Committee in 2016. As with the Russian-linked hacking discovered around the 2018 elections, Microsoft’s security team found that spoofed domains were used in the 2016 election hacks. Though hacking politicians has been part of what spy organizations do, leaking the information is seen as a violation of the practice, BuzzFeed News reported. “A hacker group from a second Russian intelligence agency had penetrated the DNC as early as 2015, but didn’t spread that information, and has avoided the kind of international condemnation aimed at the GRU,” the site noted.
Despite continued warnings by U.S. intelligence officials, including FBI Director Christopher Wray and National Intelligence Director Dan Coats, that election hacking is likely in the 2018 elections and beyond, the Republican-controlled House voted to eliminate new funding for states to strengthen election security, The New York Times reported. In addition to U.S. hacks, the GRU is also believed to have targeted the campaign of French president Emmanuel Macron.