BREAKING NEWS : Jury reaches verdict at trial over George Floyd's death Full Story
SEVERE WX : Winter Weather Advisory View Alerts
STREAMING NOW: Watch Now

Microsoft stops Kremlin-based hackers

Microsoft announced parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks were thwarted. CNN's Frederik Pleitgen reports.

Posted: Aug 21, 2018 8:09 PM
Updated: Aug 21, 2018 8:11 PM

Parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week, Microsoft announced early Tuesday.

The disclosure, coming less than three months ahead of the 2018 midterms, demonstrates new ways in which Russia is attempting to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia's involvement as recently as Monday.

In its announcement, Microsoft said it executed a court order giving it control of six websites created by a group known as Fancy Bear. The group was behind the 2016 hack of the Democratic National Committee and directed by the GRU, the Russian military intelligence unit, according to cybersecurity firms.

The websites could have been used to launch cyberattacks on candidates and other political groups ahead of November's elections, the company said.

Microsoft said the domains were "associated with the Russian government and known as Strontium, or alternatively Fancy Bear or APT28." The company said it has no evidence that the domains were used in successful attacks but that it was working with the potential target organizations.

Microsoft argued in court that the domains were posing as some of its company's services.

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Microsoft President Brad Smith said in a blog posted to the company's website on Monday night.

Although the websites could be used to trick members of the Senate and think tanks, they also could have been used to dupe other people or entities that interact with them.

Think tanks have criticized Russia

Hackers could have used the domains to send emails to Senate staffers or people working for the Hudson Institute or the International Republican Institute in an attempt to trick them into handing over information, like their passwords.

This form of attack, known as spearphishing, was successfully used to target Hillary Clinton's campaign chairman John Podesta in 2016. Missouri Democratic Sen. Claire McCaskill's staff was similarly targeted by a Russian group last year. McCaskill has said the attempt was unsuccessful, and Microsoft took control of the domain that targeted her staff via a court order in Virginia earlier this year.

Among the websites for which a judge in the Eastern District of Virginia granted Microsoft control were those with domain names designed to resemble sites used by congressional staff. They include "senate.group" and "adfs-senate.email."

Other domains were designed to look like they were related to the Hudson Institute, a conservative think tank, and the International Republican Institute, whose board includes six serving senators, former Massachusetts Gov. Mitt Romney and Gen. H.R. McMaster.

Both think tanks have been critical of Russia.

The Hudson Institute runs the Kleptocracy Initiative, which has an advisory council with several Russia experts and focuses on revealing how "financial secrecy fuels globalized corruption and threats to democracy" and frequently scrutinizes on the Kremlin.

The International Republican Institute has been working to promote democracy since the 1980s and receives funding through the US State Department, US Agency for International Development and the National Endowment for Democracy. IRI has also been critical of Russia, and the Russian Federation labeled the group an "undesirable organization" in 2016.

The institute's board of directors includes several Republicans in Congress. Arizona Sen. John McCain led the board earlier this year and Alaska Sen. Dan Sullivan took over for McCain. Both have been critical of Trump.

"This apparent spearphishing attempt against the International Republican Institute and other organizations is consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights," Daniel Twining, IRI's president, said in a statement Tuesday morning. "It is clearly designed to sow confusion, conflict and fear among those who criticize (Russian President Vladimir Putin's) authoritarian regime."

Kremlin denies involvement

The Kremlin on Tuesday denied any knowledge of attempts to interfere in US elections.

"Our reaction has already become traditional: we don't know which hackers they are talking about, we don't know what is meant about the impact on elections," Kremlin spokesman Dmitry Peskov said in response to a CNN question. "From the US, we hear that there was not any meddling in the elections. Whom exactly they are talking about, what is the proof, and on what grounds are they reaching such conclusions?"

He added, "We don't understand, and there is no information, so we treat such allegations accordingly."

In an interview with Reuters on Monday, Trump -- who has openly and repeatedly questioned US intelligence findings that Russia interfered in the 2016 election with the goal of harming Hillary Clinton's campaign to aid his bid -- blamed special counsel Robert Mueller's investigation into the matter for undermining his efforts to improve relations with Moscow.

Mueller's investigation has "played right into the Russians -- if it was Russia -- they played right into the Russians' hands," the President said.

But the President's own Director of National Intelligence, Dan Coats, delivered a speech at the Hudson Institute last month, in which he called Russia "the most aggressive foreign actor" participating in efforts to undermine American democracy.

Also last month, the Justice Department announced indictments against 12 members of the GRU, as part of Mueller's investigation, for allegedly disseminating information it had stolen from the Clinton campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016.

The indictment laid bare how two units of the GRU had been allegedly responsible for the intrusions, putting names to a group that had only been known under monikers like Fancy Bear and APT28.

Recent attacks

The news comes less than a week after it emerged that two Democratic congressional primary candidates were hacked earlier this year.

The campaigns of Dr. Hans Keirstead and David Min, both of whom lost in California's June primaries, were breached, but the groups responsible for the attacks have not been made public and may not be known.

Microsoft said Monday that, in light of the ongoing threats to political groups in the US, it was launching a specialized cybersecurity protection service called AccountGuard.

The company says it will offer the service to all candidates and campaign officials, as well as think tanks and political organizations that use Microsoft Office 365, at no additional cost.

The initiative is part of Microsoft's Defending Democracy Program, which it launched in April. The company said it plans to roll out AccountGuard in other parts of the world.

This story has been updated with additional context about the Russians' attempted interference.

Indiana Coronavirus Cases

Data is updated nightly.

Cases: 708779

Reported Deaths: 13226
CountyCasesDeaths
Marion966191721
Lake51761946
Allen39224672
Hamilton34549405
St. Joseph34157541
Elkhart27356432
Vanderburgh22081394
Tippecanoe21853212
Porter17935299
Johnson17544374
Hendricks16822310
Clark12697190
Madison12353337
Vigo12219244
Monroe11469166
LaPorte11162204
Delaware10366184
Howard9664211
Kosciusko9134114
Hancock7990139
Bartholomew7893155
Warrick7691155
Floyd7563176
Wayne6906198
Grant6844171
Boone6556100
Morgan6405138
Dubois6085117
Marshall5786108
Dearborn570376
Cass5685102
Henry5579101
Noble542683
Jackson493569
Shelby479495
Lawrence4342118
Gibson429089
Harrison428570
Clinton419753
Montgomery418086
DeKalb411184
Whitley380239
Huntington379880
Miami372865
Knox366689
Steuben365757
Putnam353160
Jasper350946
Wabash347878
Adams338052
Ripley334668
Jefferson313180
White308454
Daviess289499
Wells286481
Decatur279092
Fayette277262
Greene270785
Posey268833
Scott261153
LaGrange253670
Clay253544
Randolph235680
Washington231031
Spencer228031
Jennings225047
Fountain208845
Sullivan207942
Starke204752
Owen192356
Fulton192039
Jay186429
Carroll185920
Perry180736
Orange177853
Rush170724
Vermillion166043
Franklin165635
Tipton161043
Parke144616
Blackford133831
Pike130334
Pulaski113845
Newton104234
Brown100140
Crawford97614
Benton97113
Martin82915
Warren79715
Switzerland7698
Union69910
Ohio55811
Unassigned0408

Ohio Coronavirus Cases

Data is updated nightly.

Cases: 1054807

Reported Deaths: 18991
CountyCasesDeaths
Franklin1225191356
Cuyahoga1074592069
Hamilton783261168
Montgomery50176996
Summit45557909
Lucas40298765
Butler37768570
Stark31513895
Lorain24246473
Warren23910293
Mahoning20946583
Lake20067362
Clermont19459229
Delaware18085130
Licking16149207
Fairfield15757197
Trumbull15627460
Medina14922259
Greene14706236
Clark13660293
Wood12806185
Portage12431196
Allen11352229
Richland11067198
Miami10548214
Muskingum8717127
Wayne8594209
Columbiana8569226
Pickaway8439121
Marion8390135
Tuscarawas8387240
Erie7600154
Hancock6730123
Ross6707146
Geauga6553146
Ashtabula6530165
Scioto6295101
Belmont5634158
Union558447
Lawrence5470102
Jefferson5343147
Huron5314114
Darke5273121
Sandusky5189120
Seneca5139120
Washington5087107
Athens503856
Auglaize476284
Mercer471984
Shelby456590
Knox4397108
Madison423959
Putnam421799
Ashland413488
Fulton410567
Defiance404296
Crawford3883101
Brown386955
Logan374476
Preble371098
Clinton362160
Ottawa357978
Highland347459
Williams328674
Champaign321557
Jackson308551
Guernsey307549
Perry290549
Fayette278048
Morrow275939
Hardin264764
Henry264366
Coshocton259857
Holmes253499
Van Wert239262
Pike233831
Gallia233446
Adams229152
Wyandot227553
Hocking209759
Carroll189447
Paulding168838
Meigs141738
Noble132937
Monroe128941
Morgan106823
Harrison105636
Vinton81614
Unassigned02
Fort Wayne
Cloudy
33° wxIcon
Hi: 39° Lo: 33°
Feels Like: 25°
Angola
Cloudy
30° wxIcon
Hi: 37° Lo: 31°
Feels Like: 24°
Huntington
Cloudy
32° wxIcon
Hi: 39° Lo: 33°
Feels Like: 27°
Fort Wayne
Cloudy
33° wxIcon
Hi: 40° Lo: 35°
Feels Like: 25°
Lima
Cloudy
41° wxIcon
Hi: 42° Lo: 38°
Feels Like: 34°
Significantly cold air settles in across northeast Indiana and northwest Ohio Tuesday night.
WFFT Radar
WFFT Temperatures
WFFT National

Community Events