Microsoft: We busted Russian Fancy Bear disinfo websites

Right-leaning American think tanks reportedly targeted


Microsoft has claimed it thwarted a Russian-backed phishing attack by seizing control of fake copies of right-leaning American think tanks' websites – including one led by a prominent Donald Trump critic.

A US court order authorised Microsoft to seize six domains that the Windows maker said were linked to the APT28 hacking crew, also known as Fancy Bear and Strontium.

The Hudson Institute mainly focuses on American national security and foreign policy issues while the International Republican Institute promotes the foreign policy ideas of the US Republican Party, focusing on attitudes to America overseas.

"We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group," boasted Microsoft prez Brad Smith in a corporate blog post.

The six domains were:

  • my-iri.org
  • hudsonorg-my-sharepoint.com
  • senate.group
  • adfs-senate.services
  • adfs-senate.email
  • office365-onedrive.com

The domain for the Hudson Institute is hudson.org, while the IRI resides online at iri.org. The similarities may have been enough to trick the unfamiliar into visiting these sites and entering login credentials or downloading malware.
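As an added example (not from Microsoft or the original article), this is one way a defender could screen hostnames seen in DNS or proxy logs for the look-alike pattern in the six domains above. The senate.gov allowlist entry, the keyword list and the two-label registrable-domain shortcut are assumptions made for illustration.

```python
import re

# Legitimate domains named in the article, plus senate.gov (assumed entry).
ALLOWED = {"hudson.org", "iri.org", "senate.gov"}
# Login/cloud service names worth watching (assumed watchlist). The real
# service domains would need adding to ALLOWED before production use.
KEYWORDS = {"sharepoint", "onedrive", "office365", "adfs"}


def registrable(domain):
    """Last two labels. Simplification: real code should use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def tokens(domain):
    """Split a hostname into tokens on dots and hyphens."""
    return [t for t in re.split(r"[.\-]", domain.lower().rstrip(".")) if t]


def lookalike_reasons(domain):
    """Return the reasons a hostname imitates the watchlist (empty if none)."""
    if registrable(domain) in ALLOWED:
        return []  # the real site or one of its subdomains
    toks = set(tokens(domain))
    reasons = []
    for legit in sorted(ALLOWED):
        brand = legit.split(".")[0]        # e.g. "hudson"
        squashed = legit.replace(".", "")  # e.g. "hudsonorg"
        if brand in toks or squashed in toks:
            reasons.append("brand:" + legit)
    for kw in sorted(KEYWORDS & toks):
        reasons.append("keyword:" + kw)
    return reasons


def scan(hostnames):
    """Map each flagged hostname to its reasons; clean hostnames are omitted."""
    hits = {h: lookalike_reasons(h) for h in hostnames}
    return {h: r for h, r in hits.items() if r}


if __name__ == "__main__":
    # Constructed input: the six seized domains plus three benign hostnames.
    sample = ["my-iri.org", "hudsonorg-my-sharepoint.com", "senate.group",
              "adfs-senate.services", "adfs-senate.email",
              "office365-onedrive.com", "www.hudson.org", "iri.org", "example.com"]
    for host, why in scan(sample).items():
        print(host, why)
```

Exact-token matching keeps short brands such as "iri" from matching inside unrelated words, at the cost of missing misspelled variants.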

"We currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains," Smith said.

The IRI was headed up by American senator John McCain, one of president Donald Trump's more outspoken critics from within his own party. McCain, who was recently diagnosed with brain cancer, stepped down from the IRI leadership at the end of July and anointed Dan Sullivan as its new chairman. Like McCain, Sullivan is a critic of Trump.

"The Kremlin has particularly sought to discredit anti-Trump groups, including within the Republican party," opined Dan Arenson, an analyst from infosec firm Falanx Group.

Microsoft's blog post also revealed that two current American senators may have been targeted by online attackers, among others. "This pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France."

Last year the Finnish secret police said that APT28 is no longer bothering to hide its attacks, something that its recent Italian job brought into sharp relief. Thought to be a unit of the GRU, the Russian intelligence agency, APT28 has long been a thorn in the side of the internet. ®
