BOSTON – The Russian military intelligence agency, which wanted to influence the 2016 elections, seems to have a new goal: conservative American think tanks that have broken with President Trump, calling for further sanctions against Moscow, suspending oligarchs or advocating human rights.
In a report scheduled for release on Tuesday, Microsoft Corporation said it detected and confiscated Web sites created in recent weeks by hackers affiliated with Russian unity, formerly known as GRU The sites wanted to make people believe that they were clicking through links operated by the Hudson Institute and the International Republican Institute, but were secretly being redirected to websites created by hackers to steal passwords and other credentials.
The turn to conservative think tanks underlines the goals of the Russian intelligence service: to disrupt any institution that challenges Moscow and Russian President Vladimir Putin ,
The Hudson Institute has promoted programs that investigate the rise of kleptocracy in governments around the world, with Russia as a major target. Funded by the State Department and the United States Agency for International Development, the International Republican Institute has for decades contributed to promoting democracy around the world.
"We now see a further increase in attacks, and what's special in this case is the expansion of the type of sites they're looking for," Microsoft President Brad Smith said Monday in an interview.
"These are organizations that are informally tied to Republicans," he said. "So we see that they are expanding beyond the places they were focused on in the past."
The board of the International Republican Institute consists of several Republican leaders who are very critical of Trump's interactions with Putin, including a summit meeting last month between the two leaders in Helsinki, Finland.
Among them are Senator John McCain of Arizona; Mitt Romney, a former presidential candidate; and – although he was silent about Mr. Trump's performance in Helsinki – Lt. General H. R. McMaster, who was replaced in spring as the National Security Advisor to the White House. General McMaster, now retired, was the author of the National Security Strategy, which called for Russia to be treated as a "revisionist power" and confronted worldwide.
"This is another demonstration of the fact that the Russians are not" they are really pursuing partisan attacks and are pursuing attacks that they perceive in their own national self-interest, "said Eric Rosenbach, the director of the Defending Digital Democracy project Harvard University, Monday. "It's about disrupting and weakening any group that puts Putin's Russia at home and around the world in distress."
The State Department has traditionally supported both Republican and Democratic groups,
Daniel Twining, President of the International Republican Institute called the apparent "spear phishing" attempt "in line with the anti-meddling campaign that the Kremlin has waged against democracy and democracy." Support human rights. "
" It is clearly intended for confusion, conflict and anguish To sow among those who criticize Mr. Putin's authoritarian regime, "Mr. Twining said in a statement.
The goal of the Russian hacking attempt was unclear and Microsoft was able to capture the fake websites as they were
But Mr. Smith said that "these attempts represent the latest security threats to groups associated with both American political parties ", ahea d the 2018 midterm elections.
" These attacks seek to disrupt and divide, "he said. "There is an asymmetric risk for democratic societies here, and the kind of attacks we see from authoritarian regimes seeks to break and shatter groups in our society."
On Sunday, current national security adviser John R. Bolton said Russia is not the only threat in the autumn elections. He also called China, Iran and North Korea – the other most active cyber-operators among the opponents of the state – as threats.
But so far, Microsoft and other companies from these nations have not found extensive campaigning.
Senior United States intelligence officials also warn that the midterm elections are being targeted by foreign governments that want to influence American voters.
Last month at Aspen Security Forum, Christopher A. Wray, FBI. The director said his agency saw information operations aimed at "To sow disunity and disunity in the land".
It was not until days later, in a report that was first presented to members of Congress, that Facebook revealed that it was a influence on the operation, which aims to promote the division of Americans by targeting progressive groups aims. Facebook did not stop calling Russia the culprit of this campaign, even though the social media company pointed to similarities between the influence operation and earlier work of the Russian state Internet Research Agency.
The attempt uncovered by Microsoft reflected the Russians' efforts against state-backed hackers ahead of the 2016 presidential election.
Following the vote in 2016, a number of cybersecurity companies discovered that websites created by Russian hackers were the same as known ones To fake or imitate institutions. Think tanks included the Council on Foreign Relations and the Eurasia Group, both in New York; the Center for New American Security in Washington; Transparency International in Berlin; and the London-based International Institute for Strategic Studies.
A single letter or even a punctuation mark was often the only difference between the real and the fake website.
The counterfeit websites were used as a channel for a number of attacks, including convincing victims to download malicious malware or revealing passwords and other personal information. But for a year, Microsoft has been aggressively attacking them.
In 2016, a federal judge in Virginia agreed that the group calls Microsoft strontium and other APT 28 an advanced persistent threat. would continue his attacks. The judge appointed a "special master" with the authority to authorize Microsoft to use fake websites once they are registered. As a result, hackers have lost control of many of the sites just days after they were created.
But it's a constant cat-and-mouse game as Russian hackers seek new attack vectors while Microsoft and others seek to cut them off.
"These attacks happen because they work, they're always successful," said Thomas Rid, professor of strategic studies at Johns Hopkins University, who doubted anyone could forestall hackers.
"Microsoft is playing here," says Mr. Whack-a-Mole. Said Rid. "These sites are easy to register and upload, so they will continue to do so."
Last month, Microsoft announced it had detected and supported similar attacks on two senators for reelection. Senator Claire McCaskill, Democrat of Missouri, facing one of the toughest political challenges this year, acknowledged that her election campaign was among them after she kept the news a secret for months – apparently to voters playing Russia's role in voting doubt alienating] Microsoft says it is expanding its efforts to help political candidates counteract foreign influence. It launches an initiative called "AccountGuard" to strengthen the protection of candidates and campaign offices at the federal, state and local levels as well as think tanks and political organizations.
With the Midterms less than three months away, Microsoft said it would step up cooperation between tech companies and the federal government over their efforts to join the American election.
"Over the last year, larger tech companies, in particular, have introduced stronger information sharing practices. These threats are emerging," said Mr. Smith. "However, these agreements are informal."