Russian Military Intelligence Hackers Who Allegedly Broke Into DNC Recently Targeted Washington, D.C. Security Think Tank

The Russian hacking group Fancy Bear, which is believed to have hacked into the Democratic National Committee and is allegedly linked to Russian military intelligence, recently targeted a Washington D.C.-based security think tank, according to court documents.

The tech company Microsoft has been monitoring cases in which Russian hackers had created fake domains that resemble the websites of entities like think tanks. The goal is to trick users into entering their personal details so that their data can be stolen.

On Wednesday, a court in Virginia gave Microsoft control of a group of websites that resemble the Washington, D.C.-based think tank the Center for Strategic and International Studies (CSIS). CNN first reported the case on Wednesday. It is unclear whether the hackers successfully stole information from the organization.

"CSIS is under consistent cyberattack from a variety of state actors. We spotted this incident immediately and were able to work with Microsoft to put a stop to it," CSIS spokesman Andrew Schwartz told Newsweek.

Microsoft, meanwhile, says it is taking a lead role in tracking these sites and taking them offline.

"This is part of our ongoing work to protect customers and democratic processes and institutions. We've used this approach 13 times in the last two years to shut down 89 fake websites," Tom Burt, a representative from Microsoft, told Newsweek.

gettyimages-668216076-594x594
Secretary of State Mike Pompeo speaks during a discussion on national security at The Center for Strategic and International Studies (CSIS), in Washington, D.C., on April 13, 2017. Microsoft has been monitoring cases in which Russian hackers created fake domains that resemble think tank websites, including CSIS’s. Mandel Ngan/AFP/Getty Images

Over the summer, center-right think tanks like the Hudson Institute and the International Republican Institute were similarly targeted. Microsoft took control of the fake domains in these cases, and in a separate case when the Russian hackers targeted the then-Democratic Senator from Missouri Claire McCaskill.

"Microsoft's Digital Crimes Unit (DCU) successfully executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28," Microsoft's President Brad Smith said in a statement in August.

"Attackers want their attacks to look as realistic as possible, and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week's order fit this description," the statement continued.

Representatives from Microsoft note that they too have been targeted using these techniques. During a panel discussion at the Aspen Security Forum last year, a Microsoft representative revealed that his company had discovered a fake Microsoft domain that was being used as "the landing page for phishing attacks" that aimed to steal user data.

The Fancy Bear hackers have been linked to the 2016 hack of the Clinton campaign chairman John Podesta, who was tricked into giving up the login details for his email account. The hackers often target politicians who are critical of Russia and think thanks with high-profile affiliates. Security researchers also note that Fancy Bear has targeted governments in Eastern Europe, particularly those with a tense relationship with Russia.

A similar hacking group called Cozy Bear, which is also associated with Russian military intelligence, has been less active recently. Cozy Bear also previously targeted think tanks and media outlets, according to security researchers.

Russian Military Intelligence Hackers Who Allegedly Broke Into DNC Recently Targeted Washington, D.C. Security Think Tank | World