Microsoft said Tuesday it had stopped a fresh Russian attack that targeted two U.S. conservative think tanks critical of Moscow.
Yet experts warn that companies such as Microsoft are playing “whack-a-mole” with the ongoing Russian threat, part of Moscow’s effort to undermine trust in U.S. institutions ahead of the midterm elections in November.
Microsoft said it had identified fake websites purporting to be from two conservative think tanks — the International Republican Institute and the Hudson Institute — and taken them offline last week.
Both groups have taken a strong stance in opposition to Russia in recent months, calling for sanctions against Moscow, exposing its human rights abuses and decrying oligarchs.
The International Republican Institute, which promotes democracy around the world, also boasts staunch critics of President Donald Trump among its members, including Sen. John McCain and Mitt Romney, as well as H.R. McMaster, the national security adviser Trump fired in March.
Microsoft also took offline two websites designed to mimic those used by Senate staff.
Microsoft said all websites were taken offline before they could trap anyone, and linked the fake sites to a hacking group it identifies as Strontium, but is also known as Fancy Bear or APT 28 — a group strongly linked to Russia’s foreign military intelligence unit, known as the GRU, and believed to have hacked the DNC in 2016.
“Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Brad Smith, Microsoft president and chief legal officer, said in a blog post.
The targeting of think tanks whose views do not line up with those of the Kremlin is nothing new.
Following the 2016 election it was discovered that hackers had spoofed the websites of multiple institutions, including the Council on Foreign Relations, the Eurasia Group, the Center for a New American Security, Transparency International, and the London-based International Institute for Strategic Studies.
The latest revelation shows that despite the high-profile nature of the disinformation campaigns conducted ahead of the 2016 election, technology companies, campaigns and organizations are still struggling to deal with the Russian threat.
“We are in a situation of asynchronous warfare,” Andy Norton, director of threat intelligence at Lastline, told VICE News. “Foreign powers are using the cyber theater to undermine confidence in political and economic models. However, we perpetually underestimate the risk and the impact a cyber intrusion has, not only on the victim, but in the broader level of confidence in systems in general.”
Ahead of November’s vote, the U.S. has already suffered a number of attacks linked to Russia.
Microsoft revealed last month it had stopped attacks on three different campaigns originating in Moscow, while Facebook said it had removed fake accounts fueling division among Americans. Though the social network stopped short of linking the pages to Russia, researchers subsequently showed links to the notorious Internet research Agency.
Russia has repeatedly denied it was involved in any campaign to undermine U.S. elections — something Trump appeared to accept when he met President Vladimir Putin in July.
Microsoft has launched an initiative called AccountGuard aimed at protecting politicians, their campaigns and organizations involved in the upcoming elections. It aims to provide early notification of attacks, continuing education and early access to the latest security tools.
But experts are skeptical about how effective this will be.
“Microsoft is playing whack-a-mole here,” Thomas Rid, a professor of strategic studies at Johns Hopkins University, told the New York Times. ”These sites are easy to register and bring back up, and so they will keep doing so.”
Cover image: Hands typing on a computer keyboard on February 06, 2018 in Berlin, Germany. (Thomas Trutschel/Photothek via Getty Images)