Russian intelligence operatives attempted to hack into the online accounts of staffers on three congressional campaigns in the upcoming midterm elections, a Microsoft executive said Thursday, marking the first public acknowledgment of a Russian attack on a 2018 race.
Speaking at the Aspen Security Forum, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said the technology firm had earlier this year detected a fake domain that was likely used as part of phishing attacks directed at the three campaigns.
Microsoft took down the site and prevented the victims from “being infected by that particular attack,” Burt said.
Multiple US intelligence and homeland security officials have said in recent days that Russia has not yet attempted a large-scale effort to manipulate specific election infrastructure in the midterm elections, as it did in the 2016 race.
Burt said the specific phishing tactic, which generally involves duping a victim into clicking a malicious link, was one they discovered being used by a Russian intelligence hacking group often referred to as Fancy Bear in the lead-up to the presidential election.
The hacking unit is directed by the GRU, the Russian military intelligence agency which was formally blamed for the Democratic National Committee hack and other damaging election cyberintrusions earlier this month in an indictment prepared by special counsel Robert Mueller. Cybersecurity firms have said Fancy Bear was one of the units of the GRU responsible for the hacks.
A top Homeland Security official Friday called the cases “concerning” but downplayed their broader significance in an interview at a Washington Post event.
“I see intelligence, I see reporting on stuff every day that would look — absent context — concerning,” said Christopher Krebs, the undersecretary in charge of DHS’ National Protection and Programs Directorate.
“We haven’t seen a campaign on the scale of 2016 of concerted attacks against election infrastructure, concerted attacks against campaigns. Yes, Microsoft made an announcement yesterday about three Russian — about three campaigns being targeted. That is concerning and so we’re going to work with them, we’re going to get that information, the FBI’s worked with them to share information to shore up defenses,” he said.
Burt did not identify which campaigns had been targeted, only describing the victims as “people who because of their positions might have been interesting targets from an espionage standpoint as well as from an election disruption standpoint.”
Earlier this year, officials from a Tennessee US Senate campaign informed the FBI that they feared they had been hacked, according to a copy of a letter obtained at the time by CNN.