Microsoft will provide advanced cybersecurity protection for free to political candidates and campaign offices across the US, the company has announced, after identifying fresh efforts by Russia-affiliated group Fancy Bear to disrupt the democratic process.
Microsoft President Brad Smith said that Microsoft executed a court order last week to disrupt and transfer control of six internet domains created by the Strontium or Fancy Bear group “widely associated with the Russian government”.
The websites, including “senate.group”, were designed to mimic organisations like the International Republican Institute and were intended to mask attacks, a hallmark of the Fancy Bear group, which hacked Democratic National Committee servers in 2015.
The company’s President Brad Smith said in a blog post late Monday: “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
Microsoft has used such court orders 12 times in two years to shut down 84 fake websites associated with this group, he added.
Microsoft Fancy Bear Scare
Cybersecurity company Crowdstrike, which has tracked the group closely, describes Fancy Bear as: “A Russian-based threat actor, which has been active since mid 2000s, and has been responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government and Media sector.”
“This group is known for its technique of registering domains that closely resemble domains of legitimate organizations they plan to target. Afterwards, they establish phishing sites on these domains that spoof the look and feel of the victim’s web-based email services in order to steal their credentials.”
The company adds: “Our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”
In a recent indictment by special counsel Robert Mueller, those responsible for the DNC hack were named as former GRU officers Viktor Netyksho, Boris Antonov, Dmitriy Badin, Ivan Yermakov, Aleksey Lukashev, Sergey Morgachev, Nikolay Kozachek, Pavel Yershov, Artem Malyshev, Aleksandr Osadchuk, and Aleksey Potemkin.
Microsoft AccountGuard
Microsoft’s Brad Smith said: “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
“That’s why today we are expanding Microsoft’s Defending Democracy Program with a new initiative called Microsoft AccountGuard. This initiative will provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack.”
He added: “To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”
The company’s Tom Burt – Corporate VP for Customer Security & Trust – added in a further post that the “AccountGuard” offering would include close liaison with the expertise of the Microsoft Threat Intelligence Center, ongoing guidance on cybersecurity, including live threat modelling and contingency planning sessions, and private previews of security features typically offered first to large corporate customers.
The free security offering is for candidates using Office 365.