The Russian group behind the 2016 election meddling appears to have recently targeted conservative think tanks critical of Russia and President Trump’s interactions with Russia, Microsoft said Monday night.
According to Microsoft, the company seized websites created in recent weeks by the group APT28—also known as Strontium or Fancy Bear—which is associated with the Russian military intelligence agency formerly known as the GRU. The sites were meant to look as if they were managed by the Hudson Institute and the International Republican Institute but redirected instead to imitation pages for hackers to steal passwords and credentials.
According to the New York Times, the Hudson Institute targets Russia in programs it promotes to study global corruption. The International Republican Institute, which has ties to Republicans such as Sen. John McCain and Mitt Romney, works to promote democracy abroad and is also critical of Russia.
The group APT28 has been blamed for a phishing attack used to hack into the emails of John Podesta, who was then the campaign chairman for Hillary Clinton. While Microsoft did not blame Russian intelligence directly for the more recent attacks, it did name APT28 in its report, according to the Washington Post.
Apart from the two think tanks, the Russian hackers also are said to have created pages related to public policy, the U.S. Senate and, in one case, Microsoft itself. Microsoft says it caught the pages early, as they were being set up.
After the 2016 election, cybersecurity companies found similar sites created by Russians. Microsoft announced on Monday that it was launching an effort to expand its protections for campaigns and election agencies using its products before the midterm elections. Last month, Microsoft said it had found similar attacks against Sen. Claire McCaskill, who is up for re-election in Missouri.
The FBI has warned that it expects to see Russian campaigns to spread both malware and divisiveness among the American public. In July, Facebook announced it had removed a rash of “bad actor” accounts and pages working together as part of a disinformation campaign on that platform and on Instagram. Facebook did not blame Russia, but it noted the similarities to the Russian manipulation operation on social media that used thousands of fake accounts before and in the months after the 2016 election.