Microsoft revealed last night that it successfully defused a hacking campaign linked to the GRU, the Russian military intelligence service.
The group, known in information security industry circles as APT28, Fancy Bear or Strontium, has previously been linked to cyber espionage by numerous governments around the world, including the hacking of the Democratic National Committee ahead of the 2016 U.S. presidential election.
Microsoft takes over six APT28 domains
Microsoft's Digital Crimes Unit (DCU) successfully executed a court order to transfer control of six Internet domains created by the group, said Microsoft president Brad Smith. The six domains are.
The first domain name was registered for the International Republican Institute, which promotes democratic principles. The second is registered to mimic the Hudson Institute, which is known for its discussions of election cybersecurity. The last four were a blatant attempt to mimic the IT infrastructure area of the US Senate. Microsoft says it has notified all three organizations.
Microsoft has now taken over 84 APT28 domains
Judging by their naming, these domains were most likely intended for use in a spear-phishing operation.
Microsoft said it had managed to take ownership of the domain names before they were used in any attack.
The OS maker said this is the 12th time they have used a court order to take control of a domain they believe is associated with APT28's attack infrastructure. Smith said they now have control of 84 APT28 domains from the past two years.
Smith said: "Despite the measures taken last week, we remain concerned about the ongoing activity targeting these and other websites and pointing to elected officials, politicians, political groups and think tanks in the U.S. political arena. Overall, this pattern mirrors the type of activity we saw in the run-up to the 2016 US election and the 2017 French election."
Last week, Reuters reported that the FBI was investigating a cyberattack on the congressional campaign of a California Democratic candidate, although there was no evidence that Microsoft's intervention was linked to that investigation.
Tom Burt, Microsoft's vice president of customer security and trust, spoke at a conference in mid-July, saying Microsoft had by then stopped the first cyberattack on the 2018 U.S. midterm elections.
In May of this year, the FBI intervened in a similar fashion to take control of the domain names used by the APT28 group to control the VPNFilter IoT botnet.
Microsoft officially launches AccountGuard service
In announcing Microsoft's intervention in six APT28 domains, Smith also announced the launch of AccountGuard, a service designed to help U.S. election and campaign entities secure their IT infrastructure from nation-state attacks.
Bleeping Computer first reported on Microsoft's new AccountGuard service earlier this month.
Google also posted a security advisory on its blog about the dangers of government-backed phishing operations after Microsoft announced the takeover of the six APT28 domains. Last week, Google added support for controlling "government-backed attack" alerts in its G Suite service.