The Digital Crimes Unit (DCU) of Microsoft Corporation reported it successfully repelled a series of Russian cyber attacks directed against political institutions in the United States. It also said Microsoft was among those attacked.
DCU said the Russian government hacking group also known as "Fancy Bear," which led the cyber attacks on the Democratic National Committee (DNC) in the 2016 U.S. presidential election, tried and failed to break into the servers of several conservative American think tanks, the United States Senate, and Microsoft Corporation by using spear phishing attacks.
Microsoft had previously discovered and shut down 84 fake websites created by Fancy Bear over the past two years. The Russian designation for this group is apparently Unit 26165 and Unit 74455.
Both these units are part of the GRU or the "Main Intelligence Directoraate" of the Armed Forces of the Russian Federation. Other aliases for this advanced persistent threat group are APT28, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM.
Microsoft president Brad Smith revealed that Fancy Bear created six websites that intentionally tried to mimic those of its targets, including Microsoft. Smith said Fancy Bear's goal was to trick people into clicking through the fake pages, thereby allowing the hackers to steal information from them. These websites were created within the past few weeks.
Microsoft said it discovered those websites and seized them after obtaining a court order to do so. These websites are now offline and useless to the GRU, which is the acronym for "Glavnoye razvedyvatel'noye upravleniye."
Microsoft considers this cyber attack a failure and has yet to see any evidence the websites were part of a successful attack. It's likely the six fake websites contained malware that would have allowed Russian spies to access the computers of their victims.
Smith said DCU successfully executed a court order to disrupt and transfer control of six internet domains created by Fancy Bear. He said Microsoft used this strategy 12 times over the past two years to shutter 84 fake websites crafted by Fancy Bear.
He noted the Russian spies want their attacks to look as realistic as possible. To do this, the Russians create websites and URLs that look identical to those of their intended victims.
Smith said Microsoft is concerned the latest attacks by Fancy Bear and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections. He announced an expansion of Microsoft's Defending Democracy Program with a new initiative called Microsoft AccountGuard to better protect U.S. elections from cyber attacks from Russia.
In July, special counsel Robert Mueller indicted 12 of members of the GRU for stealing emails and documents from the DNC, the Democratic Congressional Campaign Committee, and various Hillary Clinton campaign staffers, including campaign chairman John Podesta
