- The Washington Times - Friday, July 20, 2018

Microsoft recently caught hackers mounting attacks targeting three candidates running in the November 2018 midterms, the company’s vice president for security and trust said Thursday.

Cybercriminals registered a web address with a domain meant to resemble that of a legitimate Microsoft site and used it for the landing page of an attempted “phishing attack,” Tom Burt explained during a discussion at the Aspen Security Forum.

Mr. Burt declined to identify the targets of the attempted attack, but he said that the intended victims were people who, “because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”

Microsoft worked with the government to remove the domain and was “able to avoid anybody being infected by that particular attack,” Mr. Burt added.

“They did not get into those candidates,” Mr. Burt added. “They tried, they weren’t successful and the government security teams deserve a lot of the credit for that. But ultimately that one was forestalled.”

The discovery mirrored a campaign detected during the 2016 race in which suspected Russian state-sponsored hackers spoofed Microsoft domains to use in launching phishing attacks and other offensive cyber operations, Mr. Burt said.

Microsoft has not connected the 2016 attack to a particular government, but the individuals responsible for that attack wage operations on behalf of the same Russian group linked by the Department of Justice last week to attacks waged in 2016 against the Democratic National Committee, Democratic presidential candidate Hillary Clinton and the U.S. election infrastructure, he said.

Russian hackers were able to infiltrate the DNC and Clinton campaign by conducting phishing attacks that allowed them to steal the account credentials of people including John Podesta, the chairman of Mrs. Clinton’s campaign, according to the Justice Department. Russian hackers were able to compromise Mr. Podesta’s personal email account and pilfer private correspondence later leaked online by fooling one of his staffers into visiting a phishing page resembling a legitimate Gmail log-in site and entering Mr. Podesta’s password, according to the Justice Department.

“The consensus of the threat intelligence community right now is that we’re not seeing the same level of activity by the Russian activity groups leading into the [2018 midterms] that we could see when we looked back at the 2016 election,” Mr. Burt added.

“We don’t see the activity of them trying to infiltrate think tanks and academia and in social networks to do the research that they do to build the phishing attacks that they then launch. That doesn’t mean we’re not going to see it….There’s a lot of time left before the election.”

President Trump said “no” on Wednesday when asked by a reporter if Russian hackers are currently attacking U.S. targets. White House press secretary Sarah Huckabee Sanders subsequently said that the president meant he was not taking reporters’ questions.

FBI Director Christopher Wray said during a discussion at the Aspen Security Forum earlier this week that Russian hackers are indeed mounting an active operation against American targets.

“Russia attempted to interfere with the last election and that it continues to engage in malign influence operations to this day,” Mr. Wray said Wednesday.

“We haven’t yet seen an effort to target specific election infrastructure this time, but certainly other efforts, what I would call malign influence operations, are very active, and we could be just a moment away from going to the next level,” Mr. Wray said Wednesday. “And so to me it’s a threat that we need to take extremely seriously and respond to with fierce determination and focus.”

Russian President Vladimir Putin has denied authorizing attacks against U.S. targets as recently as Monday’s summit with Mr. Trump in Helsinki.

• Andrew Blake can be reached at ablake@washingtontimes.com.
