Microsoft’s revelation that Russia-linked hackers targeted conservative groups is raising flags about who the Kremlin has in its crosshairs ahead of the 2018 midterm elections.
The majority of previously disclosed cyberattacks linked to Moscow have targeted Democrats, but the latest false sites, apparently created by the hacking group known as “Fancy Bear,” were aimed at conservative think tanks publicly critical of Russia — a sign that the group could be expanding its attacks to go after any potential enemies in the U.S.
While Microsoft noted that it lacked “evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” experts said the revelations serve as a reminder that Democrats aren’t the only ones susceptible to attacks, particularly as prominent Republicans escalate their criticisms of Russia and President Vladimir Putin.
{mosads}
“Vladimir Putin uses cyber operations to promote those who support his political agenda and undermine those who do not,” said Priscilla Moriuchi, director of strategic threat development for the security firm Recorded Future. “This includes people and organizations on both sides of the political aisle.”
Microsoft on Monday announced that a hacking group had created fake websites mimicking those of two think tanks, as well as domain pages that appeared to reference the U.S. Senate. The sites were designed to look like Microsoft’s services in an effort to trick users into handing over their personal information to hackers, a technique known as spear-phishing.
The same method was deployed in the 2016 hack of the Democratic National Committee (DNC) servers. Russia was believed to be behind that hack, and special counsel Robert Mueller last month indicted 12 Russian military officers for their alleged role in that cyberattack.
This time around, the conservative Hudson Institute was one of the organizations targeted by hackers. The Washington-based think tank has frequently spoken out against the Kremlin.
The other organization targeted — the International Republican Institute, whose board of directors includes Sen. John McCain (R-Ariz.), a harsh critic of Putin — was listed as an “undesirable organization” in 2016 by Russia’s prosecutor general.
The Hudson Institute said in a statement to The Hill that it “can only assume that this attack was intended to gather information about, and compromise or otherwise disrupt, Hudson’s longstanding democracy-promotion programs, and in particular, our initiatives to expose the activities of foreign kleptocratic regimes.”
“This is not the first time authoritarian overseas regimes have attempted to mount cyberattacks against Hudson, our experts, and their friends and professional associates,” the statement read. “But we will not be deterred from the pursuit of our essential mission to promote and defend the interests of the United States and its democratic allies all across the globe.”
The International Republican Institute did not respond to a request for comment.
While not as publicized as the Democratic cyberattacks, Republicans have previously been targeted by Russian hackers. For example, special counsel Robert Mueller last month referenced hackers obtaining GOP emails in his indictment in the DNC hack.
Sean Sullivan, a security advisor for the security firm F-Secure, said in an email that both organizations have encouraged imposing sanctions on Russia, and that the “focus on think tanks holding pro-sanction views on Russia’s current regime is about espionage.”
“In short: spies are going to spy,” he said. “That’s true whether or not it’s an election year.”
Congress passed legislation last year to impose sanctions on Russia. The Trump administration later implemented the measures and has since imposed more, most recently on Tuesday when the Treasury Department slapped sanctions on two Russian firms and individuals.
Sullivan added in a phone interview with The Hill that groups like Fancy Bear will continue to target the U.S. as long as Russia faces sanctions, which he noted are generally a bipartisan issue.
He added that the hacker group referenced by Microsoft created false sites targeting the Senate, which Sullivan described as being “more involved” in passing the latest round of Russian sanctions than the House.
Jessica Ortega, a research analyst for the web security firm SiteLock, said the two think tanks may have been targeted solely because they had fewer cybersecurity resources.
“It’s possible that these groups, or these philosophies that they’re attacking more generally, are just lower-hanging fruit,” she said.
Microsoft also announced this week that it would start providing free cybersecurity software to campaigns and candidates at the local, state and federal level, and to “think tanks and political organizations we now believe are under attack.”
The threat of foreign election interference has raised concerns about the integrity of the 2018 midterms, with lawmakers pushing to pass legislation on election security ahead of November’s elections.
The issue was highlighted Tuesday when the Senate Judiciary Subcommittee on Crime and Terrorism held a hearing on cyber threats to the U.S.
“To Republicans, if you think the Russians don’t have you in mind you’re making a great mistake,” said Sen. Lindsey Graham (R-S.C.) at the hearing. “They’re trying to undermine the democratic process. Now that we’re in charge, I think we’re a natural target.”