Microsoft Reveals First Known Russian Hacking Attempt Aimed at 2018 Midterms
(Jul 19, 2018)
On Thursday, July 19, 2018, Microsoft executive John Burt revealed at an election panel held at the Aspen Security Forum that Microsoft had detected the first known cyberattacks on U.S. election campaigns in 2018. Microsoft’s security team identified “a series” of phishing emails sent to 2018 midterm candidates that mimicked themes used in phishing emails from the 2016 election cycle. The emails resembled spear phishing emails distributed by the Russian Advanced Persistent Threat (APT) group “APT28” (Fancy Bear). Burt also said “we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” and that the data indicated that at least three candidates were being targeted. Microsoft was able to take down the domain to stop this phishing campaign.
Recommendation: Defense in depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network- and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spear phishing and how to identify such attempts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.