Microsoft on Monday said it seized websites created by Russian hackers to imitate conservative American think tanks, but instead redirected visitors to websites where their passwords could be stolen.
The New York Times reported that some of the sites that were targeted were the Hudson Institute and the International Republican Institute, think tanks that have disagreed with President Trump on ending Russian sanctions.
Three other fake domains were designed to look as if they belonged to the U.S. Senate.
“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU [Digital Crime Unit] transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” Microsoft said on the blog.
Microsoft called the hacking group Strontium; others call it Fancy Bear or APT28. The special counsel Robert Mueller indictment has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“The Russians are seeking to disrupt and divide,” Brad Smith, Microsoft’s president said, according to the paper. “There is an asymmetric risk here for democratic societies. The kind of attacks we see from authoritarian regimes like Russia are seeking to fracture and splinter groups in our society.”
The Washington Post reported that there were phony versions of six websites.
Smith said there is no sign the hackers were successful in persuading anyone to click on the fake websites, which could have exposed a target victim to computer infiltration, hidden surveillance and data theft.
Both conservative think tanks said they have tried to be vigilant about “spear-phishing” email attacks because their global pro-democracy work has frequently drawn the ire of authoritarian governments.
“We’re glad that our work is attracting the attention of bad actors,” said Hudson Institute spokesman David Tell. “It means we’re having an effect, presumably.”
Microsoft calls the hacking group Strontium; others call it Fancy Bear or APT28. An indictment from U.S. special counsel Robert Mueller has tied it to Russian’s main intelligence agency, known as the GRU, and to the 2016 email hacking of both the Democratic National Committee and the Clinton campaign.
“We have no doubt in our minds” who is responsible, Smith said.
The Associated Press contributed to this report