Fancy Bear on the prowl: Microsoft claims it thwarted Russian hacking attempts

21 Aug 2018

Fancy Bear is one of the most notorious hacking groups. Image: aireo/Shutterstock

Microsoft claims it recently stopped hackers trying to steal user data from certain political groups.

Tech giant Microsoft says it curbed attempts by Russian hackers to steal data from US think tanks, including the International Republican Institute (IRI) and the Hudson Institute.

The company claims infamous hacking group Fancy Bear is behind the attacks.

Six domains targeted

Microsoft’s Digital Crimes Unit (DCU) executed a court order last week to disrupt and transfer control of six internet domains created by Fancy Bear. Readers may also recognise Fancy Bear under the names Strontium or APT28. The domains aimed to trick people into thinking they were clicking through links managed by Conservative think tanks such as the Hudson Institute.

Microsoft reckons the attacks were the start of a spear-phishing campaign, which would generally aim to dupe visitors into visiting the fake domains and potentially hand over login data.

According to president of Microsoft, Brad Smith, the DCU has now used the same approach 12 times in two years to shut down 84 fake websites associated with Fancy Bear.

Microsoft also uncovered websites imitating the US Senate, but no particular offices or political campaigns. The New York Times reports that the attacks on Conservative think tanks are part of Russian efforts to disrupt institutions challenging Moscow.

The Hudson Institute has promoted programmes looking at the advent of kleptocracy in global government, while the IRI promotes democracy around the world.

Cyber-espionage on the up, Microsoft president says

Smith said: “We are now seeing another uptick in attacks. What is particular in this instance is the broadening of the type of websites they are going after.

“These are organisations that are informally tied to Republicans, so we see them broadening beyond the sites they have targeted in the past.”

He added: “Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States.”

Microsoft said there was no evidence that the domains had been used in any attacks. The company did warn that the attack activity around the sites mirrors what it saw during the 2016 election season in the US and France’s general election of 2017.

President of the IRI, Daniel Twining, said: “It [the attack] is clearly designed to sow confusion, conflict and fear among those who criticise Mr Putin’s authoritarian regime.”

Ahead of the mid-term elections in the US, officials will likely continue to be on high alert for suspicious activity.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects