Microsoft said Tuesday it has shut down another six websites created by hackers linked to Russia's military intelligence, with the newest targets the U.S. Senate and two conservative think tanks critical of Russia and President Trump, the Hudson Institute and the International Republican Institute. Microsoft won a court order last year to shut down fake web domains created by the hacking group it calls Strontium, also known as Fancy Bear and APT 28, and including the six just shuttered, the company has used this legal authority to shut down 84 fake Strontium-created sites.
"We are now seeing another uptick in attacks," Microsoft President and chief legal officer Brad Smith told The New York Times on Monday. "These are organizations that are informally tied to Republicans," he added, "so we see them broadening beyond the sites they have targeted in the past." Microsoft discovered an attempted Strontium attack on Sen. Claire McCaskill's (D-Mo.) network in July, and the same group hacked emails from the Democratic National Committee and the Hillary Clinton campaign in 2016, according to an indictment from Special Counsel Robert Mueller. "This activity is most fundamentally focused on disrupting democracy," Smith told The Associated Press, adding, "We have no doubt in our minds" who is responsible for the fake sites.
The spoofed websites of the Senate, Hudson Institute, and IRI contained malware that would make anyone who clicked on the sites vulnerable to hacking, surveillance, and data theft, but Smith said there's no indication anyone actually clicked on the sites while they were live. Thomas Rid at Johns Hopkins University says "Microsoft is playing whack-a-mole here," because the sites are "easy to register and bring back up" when shut down. "These attacks keep happening because they work," he said. "They are successful again and again." You can read more about how Russia is working to disrupt America's 2018 elections at The Week. Peter Weber