Three congressional candidates in the United States standing in the 2018 mid-term elections were the target of cyberattacks reportedly orchestrated by threat actors from Russia.
Microsoft confirmed that it intercepted the attacks, which used a fraudulent version of its website as a front to spy on the candidates early this year. The company, however, declined to name the candidates for the sake of their privacy and security.
Tom Burt, the corporate vice president for customer security and trust at Microsoft, revealed at the Aspen Security Forum in Colorado on Thursday that the attackers used the fake Microsoft domain "as the landing page for phishing attacks" in order to infiltrate the campaigns of their targets. Burt added that the three congressional hopefuls were possibly singled out because of their positions, which make them attractive targets from an espionage and election disruption standpoint.
According to Burt, the domain has already been taken down. Microsoft is now working with the government to keep the attackers away and to prevent potential targets from being attacked.
Tom Burt, VP of security at Microsoft, says the company detected Russian phishing attacks on three candidates in the 2018 midterms "who would be interesting from an espionage perspective." Wouldn't reveal who they are. #AspenSecurity
— Julia Ioffe (@juliaioffe) July 19, 2018
Despite the threat, Burt stressed that Microsoft is not seeing considerable success from Russia's electoral interference this time, compared with the 2016 elections.
"I would say that the consensus of the threat intelligence community right now is [that] we're not seeing the same level of activity by the Russian activity groups leading into the mid-year elections that we could see when looking back on the 2016 elections."
Nonetheless, the 2018 mid-term elections are more than three months away, so Burt is calling on all concerned agencies and the private sector to be vigilant.
It's not the first time that Microsoft has thwarted this method of attack: during the 2016 Democratic Convention in Philadelphia, it disrupted the Russia-based hacking group APT28, taking down over 90 internet domains belonging to the group. The company suspected that APT28 may be run by Russia's military intelligence agency.