Wednesday, July 24, 2019

The Russians are still at it.

August 21, 2018
By Colin Dwyer and Sasha Ingber

A familiar cyberattack suspect linked with the Russian intelligence service has resurfaced in the months leading up to the U.S. midterm elections, according to Microsoft. The tech giant announced overnight that last week it executed a court order to disrupt six fraudulent websites set up by a hacker group known by many names — most often APT28, but also Fancy Bear or Strontium, among others.

The unit has been associated with the Russian spy agency GRU and blamed for a raft of high-profile hacks across the world in recent years — including the breaches of the Democratic National Committee's network during the 2016 presidential election.

In this case, Microsoft says the group established a half-dozen domains meant to be confused with two conservative groups, the U.S. Senate and even Microsoft's own suite of products. Two of those targets, the nonprofit International Republican Institute and the Hudson Institute research center, have criticized the Kremlin.

Microsoft says the International Republican Institute and the Hudson Institute were targeted with my-iri.org and hudsonorg-my-sharepoint.com, and that three domains — senate.group, adfs-senate.services and adfs-senate.email — mimicked the Senate. Microsoft itself appears to have been the focus of office365-onedrive.com....