Microsoft seized six fake domains that mimic the websites of prominent political organizations located in the United States.
On 20 August, the Redmond-based tech giant revealed that its Digital Crimes Unit (DCU) had successfully executed a court order to take control of six fake domains created by Fancy Bear. Also known as “Strontium” and “APT28,” Fancy Bear is one of the Russian digital crime groups that infiltrated the Democratic National Convention’s computer network during the lead-up to the 2016 U.S. presidential election and stole opposition research on then-Republican presidential nominee Donald Trump.
The Russian threat actor designed its fake domains to impersonate prominent U.S. political organizations. Among its targets were the International Republican Institute, an organization for which well-known Republican Senators including John McCain and Marco Rubio serve as board members, and the Hudson Institute, a conservative think tank known for its discussions on a range of topics including digital security. In addition, two of the domains targeted the U.S. Senate.
Microsoft said it has no evidence suggesting Fancy Bear leveraged those domains to conduct attacks. It also clarified that it doesn’t know whom Strontium was thinking about targeting at those entities.
Following its seizure of the domains, the tech giant notified both the International Republican Institute and Hudson Institute while continuing to monitor domain activity associated with the Senate IT staff. But Brad Smith, president and chief legal officer of Microsoft, said company officials are still concerned by what they perceive is a broadening range of activities by APT28. As he wrote in a blog post:
As a special master appointed by a federal judge concluded in the recent court order obtained by DCU, there is “good cause” to believe that Strontium is “likely to continue” its conduct. In the face of this continuing activity, we must work on the assumption that these attacks will broaden further. An effective response will require even more work to bring people and expertise together from across governments, political parties, campaigns and the tech sector.
Towards that end, Smith announced the creation of AccountGuard. Microsoft’s intention for the new initiative is to help streamline the receipt of threat notifications across different email systems, issue guidance to political organizations on how they can strengthen their digital security and provide preview releases on new security features for large organizations.
AccountGuard is the latest initiative created under Microsoft’s Defending Democracy Program, a framework which the tech giant created in April 2018 to help try and protect political processes against election cracking and misinformation campaigns.