Less than a week after Deputy Attorney General Rod Rosenstein announced Special Counsel Robert Mueller's indictment of 12 Russian military intelligence or G.R.U. officers for 2016 election hacking, Microsoft says the cyber criminals are at it again.
Speaking on a panel at the Aspen Security Forum on Thursday, Tom Burt, Microsoft's vice president for customer security and trust, said that his team had discovered a spear-phishing campaign targeting three candidates running for election in 2018. Analysts traced them to a group Microsoft has nicknamed Strontium, which is closely tracked by every major threat intelligence company and is widely accepted to be run by the GRU, Russia’s military intelligence agency.
Burt declined to name the candidates during the event, citing privacy concerns, and didn’t say which party they belonged to, but implied they were candidates of note and running for reelection.
“They were all people who, because of their positions, might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint,” Burt said.
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” said ... Burt ... “And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections.”
(...)
Microsoft took down the fake domain and worked with the federal government to block the phishing messages. Burt said that none of the targeted campaign staffers were infected.
Burt did not specify whether the hacking attempts originated from Russia.
GRU hackers are believed to be behind a number of global hack-and-leak operations aimed at entities adversarial to Russia, including French President Emmanuel Macron’s 2017 campaign and the World Anti-Doping Agency, whose reports led to Russia’s ban from the 2018 Olympics over its massive doping program.
In recent weeks, officials from the Department of Homeland Security have insisted that though they’re watchful of potential Russian hacking, they’ve seen no sustained campaign against election systems.
(...)
When asked by BuzzFeed News, Microsoft also declined to address which parties it had seen targeted ... A representative from the Democratic National Committee, Xochitl Hinojosa, didn't address whether any Democrats had been targeted, but told BuzzFeed News that “We saw the Russians attack our democracy in 2016 and we know they're a threat in 2018, 2020 and beyond. Unfortunately, the President refuses to acknowledge this serious threat to our country, and House Republicans are refusing to increase funding for election security.”
In fact, House Republicans did vote down a spending bill amendment Thursday that would have set aside more money for state election security.
[Rep. Mike] Quigley’s (D-IL) election security amendment would have extended funding for a state grant program overseen by the federal Election Assistance Commission. Congress approved $380 million in the current budget for the program, which is intended to help states strengthen election systems from hacking and other cyberattacks.
Democrats want to approve a similar amount through 2019, but Republicans say money from the current program is still available to states and new spending is not needed.
(...)
Rep. Lloyd Doggett, D-Texas, said Republicans’ refusal to spend more money on election security “represents nothing less than unilateral disarmament” against Russia ...
Rep. Steny Hoyer of Maryland, the No. 2 Democrat, depicted the vote on election security grants as a defense of U.S. democracy, citing a comment by National Intelligence Director Dan Coats that warning lights about cyber threats to the U.S. are “blinking red” in a manner similar to those before the 9/11 attacks.
“The flashing red light calls us to action!” Hoyer thundered. “Surely we can rise above pandering to party and Putin to act on behalf of our freedom and our security.” ...
The House approved the overall spending bill, 217-199 ...
Speaking in Aspen later in the day Thursday, Deputy AG Rosenstein also addressed the ongoing threat of Russian cyberattacks.
CNN:
The Russian effort to influence the 2016 presidential election is "just one tree in a growing forest," Rosenstein said.
"Russian intelligence officers did not stumble onto the ideas of hacking American computers and posting misleading messages because they had a free afternoon," he added. "It is what they do every day."
He warned of a continued threat and the report highlighted five types of operations the government must counter: cyberattacks on election infrastructure such as voter registration databases and voting machines; targeted attacks on political organizations, campaigns and public officials; covert operations to help or hurt campaigns; the spread of disinformation on social media; and the use of lobbyists, foreign media and other organizations to influence lawmakers and the public.
(...)
To counteract these strategies, the plan is to aggressively investigate and prosecute, work with other federal agencies to identify bad actors and inform the public who they are, support actions like financial sanctions and have social media providers help identify foreign influencers and boot them off their platforms.
"Foreign governments should not be secret participants, covertly spreading propaganda and fanning the flames of division," Rosenstein said.
The Russians Who Hacked The DNC Have Targeted At Least Three 2018 Campaigns, Microsoft Says (BuzzFeed News)
Republicans block bid to extend election security grants (AP)
Microsoft reveals first known midterm campaign hacking attempts (Politico)
Rosenstein: Russian attack on 2016 election 'one tree in a growing forest' of cyber activity (CNN)