Skip to main content

Microsoft stops a Russian attempt at hacking 2018 midterm elections

Less than a week after the United States government charged 12 Russian officers for hacking in the 2016 presidential election, Microsoft is accusing the same Russian intelligence agency of using a phishing scheme to hack at least three additional candidates in the 2018 midterm election. Microsoft vice president for customer security and trust Tom Burt revealed the company’s findings at the Aspen Security Forum’s Defending Democratic Institutions: Election 2018 and Beyond panel.

“Earlier this year we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Burt said. “We saw metadata that suggested those phishing attacks were being directed at three candidates.” Details of the attack were not revealed, but phishing attacks usually involve hackers sending an email with a web address containing a malicious link that’s designed to install malware when it is activated. As part of its work with the United States government, Microsoft was able to seize the domain before it could inflict damage.

Related Videos

Microsoft also did not reveal the names of the affected candidates nor their political party affiliations, but Burt noted that “because of their positions, [the candidates] might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint.” The company traced the hacks back to the Russian group Strontium, which is widely believed to be closely linked to Russia’s GRU military intelligence agency.

Burt’s announcement comes less than a week after U.S. Special Counsel Robert Mueller indicted 12 members of the GRU for their involvement in hacking the Democratic National Committee in 2016. Similar to the discovery of Russian-linked hacking on the 2018 elections, Microsoft’s security team found that spoofed domains were used in the 2016 election hacks. Though hacking politicians has been part of spy organizations, leaking the information is seen as a violation of the practice, Buzzfeed News reported. “A hacker group from a second Russian intelligence agency had penetrated the DNC as early as 2015, but didn’t spread that information, and has avoided the kind of international condemnation aimed at the GRU,” the site noted.

Despite continued warnings by U.S. intelligence officials, including FBI Director Christopher Wray and National Intelligence Director Dan Coats, that election hacking will be a likelihood in the 2018 elections and beyond, the Republican-controlled House voted to eliminate new funding for states to strengthen election security, The New York Times reported. In addition to U.S. hacks, the GRU is also believed to have targeted the campaign of French president Emmanuel Macron.

Editors' Recommendations

LastPass reveals how it got hacked — and it’s not good news
A depiction of a hacker breaking into a system via the use of code.

Last year was a particularly bad one for password manager LastPass, as a series of hacking incidents revealed some serious weaknesses in its supposedly rock-solid security. Now, we know exactly how those attacks went down -- and the facts are pretty breathtaking.

It all began in August 2022, when LastPass revealed that a threat actor had stolen the app’s source code. In a second, subsequent attack, the hacker combined this data with information found in a separate data breach, then exploited a weakness in a remote-access app used by LastPass employees. That allowed them to install a keylogger onto the computer of a senior engineer at the company.

Read more
A beginner’s guide to Tor: How to navigate the underground internet
A person using a laptop at a desk.

While the internet has dramatically expanded the ability to share knowledge, it has also made issues of privacy more complicated. Many people are justifiably worried about their personal information being stolen or viewed, including bank records, credit card info, and browser or login history.

If you're looking for more privacy while browsing, Tor is a good way to do that, as it is software that allows users to browse the web anonymously. It should be noted that Tor can be used to access illegal content on the dark web, and Digital Trends does not condone or encourage this behavior.
Why does Tor exist?
In this climate of data gathering and privacy concerns, the Tor browser has become the subject of discussion and notoriety. Like many underground phenomena on the internet, it is poorly understood and shrouded in the sort of technological mysticism that people often ascribe to things like hacking or Bitcoin.

Read more
Don’t fall for it — ChatGPT scams are running rampant across social media
Person typing on a computer keyboard.

Malware and scams for ChatGPT continue to become more prevalent as interest in the chatbot developed by OpenAI expands.

There have been a number of instances of bad actors taking advantage of the popularity of ChatGPT since its introduction in November 2022. Many have been using false ChatGPT interfaces to scam unsuspecting mobile users out of money or infect devices with malware. The most recent threat is a mix of both, with hackers targeting Windows and Android users through phishing pages and aiming to steal their private data, which could include credit card and other banking information, according to Bleeping Computer.

Read more