Earlier this week, Microsoft confirmed it has shut down a phishing campaign targeting the US Senate and think tanks in the United States. The company says the spear phishing attempts originated from the Russian government. In response, the Kremlin has firmly denied the allegations.
Microsoft's Digital Crimes Unit (DCU) discovered a phishing attack attempting to mimic US Senate domains:
“Last week, Microsoft's Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six Internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28,” Microsoft Chief Legal Officer Brad Smith wrote in Microsoft's announcement Monday. “We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group.”
The actors behind the attempt created domains that were supposed to mimic domains of the International Republican Institute, the US Senate, and the Hudson Institute. Microsoft managed to thwart the attempt before the action was fulfilled:
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Microsoft said.
Brand Smith wrote the company is “concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
Clearly Russian authorities were not going to admit to involvement and a Kremlin spokesman denied the incident and wondered why no proof was supplied:
“We don't know which hackers they are talking about, we don't know what is meant about the impact on elections,” Kremlin spokesperson Dmitry Peskov told CNN. “From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?”
“We don't understand, and there is no information, so we treat such allegations accordingly,” Peskov added
Microsoft says the attempt was similar to Russia's involvement in other recent political elections. Most notable of those is the United States 2016 elections.
The new attempt is part of “continued activity targeting… elected officials, politicians, political groups, and think tanks across the political spectrum in the United States,” Microsoft said. “Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”