During Thursday’s Aspen Security Forum, Tom Burt, Microsoft’s VP of Customer Security & Trust, warned the crowd that hacks, like those during the 2016 elections by Russian government operatives, continue to happen. Three midterm candidates already suffered cyber attacks from Russian hackers.
In 2016, Burt said his team discovered fake Microsoft domain names that the Russian hacking groups, given code names like Strontium, APT28, Fancy Bear and Pawn Storm, used to “phish” information from unsuspecting campaign staffers.
Phishing is defined as the fraudulent practice of sending emails or setting up websites that appear to be from reputable sources in order to obtain personal information, such as passwords and credit card numbers, to gain access to a person’s online data or accounts.
The Russian hackers in 2016 used their phished information to gain access to the Democratic National Committee (DNC) servers. They then stole emails and records from the DNC which led to further hacking.
The Russian intelligence operatives then leaked emails and private messages from the DNC as well as longtime Clinton aide Robert Russo and campaign chairman John Podesta. Russian operatives also famously contacted the Trump campaign with offers of damaging information about Hillary Clinton.
Through Wikileaks, the Russians released months of damaging disclosures about the Democratic Party’s nominee intended to influence the United States presidential election. The administration of President Barack Obama began looking into the Russian hackers in 2016, and the Trump administration continued the investigation through Special Counsel Robert Mueller, appointed and directed by the Department of Justice.
Now, in 2018, Burt stated during the cyber security conference that his team recorded the same phishing approach again.
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks and we saw metadata that suggested those phishing attacks were being directed at three candidates who are standing for election in the midterm elections.”
“We can’t disclose [their identities] because we maintain our customer privacy,” Burt continued, “but I can tell you that they were all people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”
“We took down that domain, and working with the government we were able to avoid anybody being infected by that particular attack.”
Burt’s claims back up the announcement by President Donald Trump’s handpicked National Intelligence Director, Dan Coats, who on Monday stated the Russians remained a viable threat to United States cyber security. Coats’s statement came after the President cast aspersions on U.S. intelligence agencies’ clear evidence of Russian hacking by Tweet and during a joint news conference with Russian President Vladimir Putin in Helsinki, Finland.
Trump took considerable criticism for his remarks and issued a statement Tuesday saying he misspoke.
During the press conference in Helsinki, after the closed-door private meeting with Putin, Trump said he didn’t “see any reason why it would be” Russia hacking the United States to influence the 2016 election. Due to severe criticism, Trump later claimed that he meant to say he didn’t see any reason it “wouldn’t” be Russia.
But on Wednesday the President again denied Russia was definitely involved in the known hacks and said Russia was no longer a threat because Putin knows he is very tough.
The engineers at Microsoft call the Russian-directed hacking group Strontium, but intelligence agencies and cyber security experts also refer to them as APT28, Fancy Bear and Pawn Storm. Experts claim their activities intertwine with Russia’s military intelligence unit known as GRU.
While the hacking continues, as with many voters who skip midterm elections, Russian hacking remains at a lower intensity than during the lead up to the 2016 presidential election.