Microsoft Investigates Fancy Bear

By Michael Fiorito, MDS

According to Microsoft, a hacking group linked to Russian intelligence has resurfaced in the months leading up to the U.S. midterm elections. Microsoft announced overnight that last week it executed a court order to disrupt six fraudulent websites set up by a group known by many names — most often APT28, but also Fancy Bear or Strontium, among others.

This hacking unit has been associated with the Russian spy agency GRU and blamed for a number of high-profile hacks across the world in recent years — including the breaches of the Democratic National Committee’s network during the 2016 presidential election.

Why is Microsoft so interested in investigating these hacks? Microsoft says the group registered a half-dozen domains designed to be confused with two conservative groups, the U.S. Senate and even Microsoft’s own suite of products. Two of those targets, the nonprofit International Republican Institute and the Hudson Institute research center, have often criticized the Kremlin.

Microsoft reported that International Republican Institute and the Hudson Institute were targeted with my-iri.org and hudsonorg-my-sharepoint.com, and that three domains — senate.group, adfs-senate.services and adfs-senate.email — mimicked the Senate. Microsoft itself appears to have been the focus of office365-onedrive.com.

Microsoft notes that it has “no evidence” that the domains were used in any successful attacks, and cannot conclusively determine their ultimate objective.

Elizabeth Dwoskin of The Washington Post told NPR’s Morning Edition: “Remember, Microsoft is managing one of the largest corporate email programs in the world. When you open up your email and you click on a link — you think it’s an email from a trusted person, and then you’re taken to a website that is loaded up with malware and it’s going to take your credentials.”


Pulling the plug doesn't have to be your only security solution.

Don’t become part of a rising statistic — ensure your company is armed against a security hack.