Russian Hacking of 2018 U.S. Midterm Elections Has Already Started, Microsoft Warns

The hacking group responsible for targeting political entities during the 2016 U.S. presidential election has already attempted to target staffers linked to three candidates running for election in the midterms later this year, a Microsoft executive warned on Thursday.

This first known case of hacking activity involving the midterms was revealed by Tom Burt, Microsoft's vice president for customer security and trust, at the Aspen Security Forum.

Responding to a question about "Russian intrusion in this year's election," he said that in 2016 his team had spotted bogus Microsoft domain names being used to launch convincing phishing attacks. This was one tactic used to help pilfer and release emails from the Democratic National Committee (DNC), former White House chief of staff John Podesta and others in 2016.

The same cybercrime approach has been recorded again, he told attendees. “Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are standing for election in the midterm elections,” Burt noted.

Russian President Vladimir Putin answers questions about collusion during the 2016 U.S. election during a joint press conference with President Donald Trump after their summit in Helsinki, Finland, on July 16. Chris McGrath/Getty Images

“We can’t disclose [their identities] because we maintain our customer privacy, but I can tell you that they were all people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”

Burt added, “We took down that domain, and working with the government we were able to avoid anybody being infected by that particular attack.” 

To Microsoft engineers, the hacking team in question is code-named Strontium. But the group is also known by other titles, including APT28, Fancy Bear and Pawn Storm. Experts say that, based on the tools used and the common targets, its activities have close ties to the GRU, Russia’s military intelligence agency.

Microsoft, which has worked with both the Republican and Democratic conventions, now partners with security teams and tech platforms, such as Facebook, to share threat intelligence. In March, Facebook CEO Mark Zuckerberg said he expected midterm election hacking to surface.

Yet while the phishing attacks—which pose as a real service in an attempt to hijack usernames and passwords—are seemingly ongoing, the Microsoft executive admitted that the hackers’ campaign is not yet on the same level as prior operations.

“I would say that the consensus of the threat intelligence community right now is that we are not seeing the same level of activity by the Russian activity groups leading in to the midyear elections that we could see when we look back at the 2016 election,” Burt said.

“We don’t see the activity of them trying to infiltrate think tanks, academia and social networks to do the research they do to build the phishing attacks that they then launch,” he continued. “We are not seeing ongoing activity like the one we were able to disrupt earlier this year.”

But Burt added, “That doesn’t mean we are not going to see it. There’s a lot of time left before the election.”

The U.S. intelligence community has said that the main aim of the 2016 Russian misinformation campaign was to hurt Hillary Clinton and help elect Donald Trump.

Experts believe stolen emails were sent to WikiLeaks by Russia via the Twitter account “Guccifer 2.0,” a claim WikiLeaks founder Julian Assange has denied. Last week, the U.S. government indicted 12 Russian intelligence officers who were allegedly tied to the DNC hack.

Trump, whose stance on Russian hacking has been inconsistent, recently had to clarify comments about whether he believed the Kremlin was responsible for interference in the 2016 election. At his press conference Monday with Russia's President Vladimir Putin, Trump said he didn’t “see any reason why it would be” Russia. Amid significant backlash, he later claimed that he meant to say wouldn’t.

The midterms will take place November 6.

U.S. President Donald Trump and Russia's President Vladimir Putin attend a joint press conference after a meeting at the Presidential Palace in Helsinki, on July 16, 2018. Brendan Smialowski/AFP/Getty Images