[Updated] Microsoft Discloses First Known Cyberattacks Targeted at Three 2018 Election Campaigns
[Update: July 20, 2018] It’s fair to say that Microsoft believes Russian hackers were behind this year’s attempted hacks at three Congressional candidates. While Microsoft is yet to give any additional statement on this, you can head over to this video where Tom Burt is responding to a question that moderator specifically asked about “evidence of Russian intrusion in this year’s election.”
Hackers have already targeted 2018 Congressional candidates, Microsoft revealed today. At the Aspen Security Forum, Microsoft disclosed on Thursday that the company identified and stopped attempts to launch cyberattacks against three 2018 candidates.
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, revealed today. These attacks were made using phony versions of Microsoft’s website.
“And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”
Working with the US government, the company removed the domain and blocked the phishing messages. The hacks weren’t successful since they were spotted before hackers could successfully infiltrate the networks.
“We were able to avoid anybody being affected by that attack. They tried, they weren’t successful and the government security teams deserve a lot of the credit.”
The same phishing tactics were used during the 2016 DNC hacks that led to indictments last week. Since Burt was talking about both the 2016 and 2018 cyberattacks mentioning Russian hacking group known as APT28 or Fancy Bear, it isn’t clear whether Microsoft believes the same group was behind the 2018 hacking attempt.
Election hacks remain a concern but many believe Russian hackers aren’t as active yet as they were during 2016 election campaign
Microsoft hasn’t disclosed the names of the candidates who were targeted and just said they were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”
Microsoft said that Russians aren’t as active as they were during the 2016 election. “I would say that the consensus of the threat intel community right now is that we’re not seeing the same level of activity by the Russian activity groups leading into the midterm elections that we could see when we look back in the 2016 elections,” Burt said.
“We don’t see the activity of them trying to infiltrate think tanks and academia and in social networks to do the research that they do to build the phishing attacks,” he added. “[But] that doesn’t mean we’re not going to see it. There’s a lot of time left before the election.”
– We have reached out to Microsoft for a clarification.