Hackers have already targeted at least three 2018 Congressional candidates, according to a Microsoft executive, who disclosed the attempted cyber-intrusions today during a panel at the Aspen Security Forum.
Tom Burt, corporate vice president for customer security and trust at Microsoft, noted at the panel today that the company had tracked attempts to use fake Microsoft domains for espionage activities in 2016. Those attempts were linked to a group Microsoft calls “Strontium” — the same hackers who targeted the Democratic National Committee in 2016, and who have been tied to Russian military intelligence. The company has been active in taking down those domains, he said, but similar activity has continued into this year.
“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who were all standing for election in the midterm elections,” Burt said.
Burt, who said the company worked with the United States government to stop the attacks, declined to identify the candidates, and said that the phishing attempts were unsuccessful. It was not clear from the panel whether Microsoft believed the GRU-linked group was responsible for the 2018 hacking attempt. The Verge has asked the company for clarification.
US government officials have said that election meddling tied to the Russian government has continued into the present, raising concerns about how the activity will affect the upcoming elections.
President Trump said “no” this week after being asked whether Russia was still attempting to interfere in American elections, a statement in direct contradiction to assessments from intelligence agencies. The response was part of a bizarre back-and-forth that continued with press secretary Sarah Sanders saying Trump was not attempting to respond to the question, and that administration officials “believe that the threat still exists.”