The hacker group that was responsible for attacks on political parties during the US presidential election in 2016 has already tried to target staff of three candidates standing in this year's midterm elections, a Microsoft executive warned on Thursday.
This first known hacking activity with the midterms in the crosshairs was uncovered by Tom Burt, Microsoft's Vice President for Customer Security and Confidence, at the Aspen Security Forum.
In response to a question about "Russian penetration of this year's election," he said his team had discovered fake Microsoft domains in 2016 that allowed the hackers to launch convincing phishing attacks. This was a tactic used to steal and publish emails from the Democratic National Committee (DNC), the former White House chief of staff, John Podesta, and others.
The same cybercrime approach was resumed, he told participants. "Earlier this year, we found that a fake Microsoft domain was set up as a phishing target site, with metadata that suggested that these phishing attacks were targeted at three candidates."
"We cannot disclose [their identities] because we uphold the privacy of our clients, but I can tell you that they were all people who, because of their positions, could have been interesting targets both from an espionage point of view and from the point of view of electoral interruption.
"We have taken down this domain and, in cooperation with the government, we have been able to prevent anyone from being infected by this attack," said Burt.
To Microsoft engineers, the hacking team in question is codenamed Strontium. But the group is also known by a number of other names, including APT28, Fancy Bear and Pawn Storm. Experts say that its activities, based on the tools used and its common targets, have strong ties with Russia's military intelligence unit, which is widely known as the GRU.
Microsoft, working with both Republican and Democratic conventions, is now collaborating with security teams on tech platforms like Facebook to share threat data. In March, Facebook CEO Mark Zuckerberg said he expects midterm election hacking to emerge.
While the phishing attacks – which pose as a genuine service to steal usernames and passwords – seem to continue, the Microsoft chief admitted the hackers' campaign is not yet at the same level as the previous operations.
"I would say that the consensus of the threat intelligence community is currently that we do not see the same level of activity by the Russian activity groups leading up to the midterm elections that we could see when we look back at the 2016 elections," Burt said.
"We do not see the activity of them trying to infiltrate think tanks, science, and social networks to create the phishing attacks that they launch; we do not see any ongoing activity like the one we were able to disrupt this year." He added, "That does not mean we will not see it, there will be plenty of time left to vote."
US intelligence agencies have previously said that the main aim of the alleged false news campaign in 2016 was to harm Hillary Clinton and to get Donald Trump elected.
Experts believe that the stolen emails were sent to the whistleblowing site WikiLeaks from Russia via the Twitter account "Guccifer 2.0", a claim denied by WikiLeaks founder Julian Assange. Last week, the US government indicted 12 Russian intelligence officers allegedly tied to the DNC hack.
President Trump, whose stance on Russian hacking has remained patchy, recently clarified his position. Asked if the Kremlin still targeted political entities in the US, Trump initially said he saw "no reason why it should [Russia]". Under considerable backlash, he later claimed that he wanted to say "would not".
The 2018 US Midterm elections will take place on November 6th.