Microsoft has announced that Fancy Bear is causing problems again, creating six fake websites designed to hack into the computers of people visiting sites related to public policy and the U.S. Senate. The sites were created in the past several months but were fortunately caught by Microsoft.
Microsoft called out Fancy Bear and cited the Russian government without explicitly calling out the Russian intelligence agency.
Microsoft, unlike Facebook a few weeks ago, does not merely suspect that Russian intelligence was behind these attacks they announced. They are certain:
"There is absolutely no doubt in our mind… that this was the work of" Strontium aka Fancy Bear aka APT 28
— Tim Mak (@timkmak) August 21, 2018
Although it looks like we may not be able to depend on the Trump administration to do very much to prevent Russian interference in the mid-terms, Microsoft is responding through its own Digital Crimes Unit, launching a campaign for expanded cybersecurity protections that will be free for campaigns and election agencies that use Microsoft 360.
Among the targets:
- A conservative Washington think tank, Hudson Institute, which investigates corruption in Russia
- International Republican Institute (IRI), which promotes democracy worldwide
- Sites designed to appear affiliated with the U.S. Senate
- A spoof of Microsoft online products
The tech company has tracked the hackers for two years and decided to out them publicly due to “an uptick in Russian activity ahead of the midterms.”
Microsoft has been working to thwart Fancy Bear, getting a court order to move the domain names of the Russian sites to Microsoft's own servers, effectively shutting down the fake sites.
Fancy Bear is a unit under the Russian military intelligence agency, the GRU. The group goes by many names, such as Strontium and APT28, where “APT” stands for “advanced persistent threat” in cybersecurity circles.
According to The New York Times, the GRU is:
“Russia’s largest military intelligence agency and is one of several groups authorized to spy for the Russian government, alongside successor agencies to the K.G.B.”
Fancy Bear = GRU
They know we know, and don't care.
— John Schindler (@20committee) August 21, 2018
The basic idea is that the fake sites draw visitors, sometimes through fake security-warning emails. Once a visitor is tricked into visiting the website, malicious software on the spear-phishing site captures the visitor’s information, giving the Russians access to the user’s computers, emails, contact lists, and other information.
This is how the Russians were able to hack John Podesta, Hillary Clinton’s former campaign chairman. They sent him a fake security-warning email that linked to their fake website. Cybersecurity researchers connected the hack of Podesta’s email to Fancy Bear.
The company had previously announced that three unidentified congressional candidates had been subjected to Russian spear-phishing attacks.
As the Russians step up their efforts to undermine the mid-term elections, the tech industry is, fortunately, responding in a way that the Trump administration seems not to have.
Eric Rosenbach, former Pentagon chief of staff and now co-director of Harvard University’s Belfer Center for Science and International Affairs, said:
“The tech sector needs to play a role in protecting elections and protecting campaigns,” Rosenbach said. “The tech sector will have visibility on some of these things that the [National Security Agency] never could and never should.”
At a time when many Americans have lost faith in the Trump administration to take effective action to protect our elections, at least we have some news that the tech industry is essentially stepping up and filling a part of the vulnerable void.