Microsoft takes down six phishing domains linked to Russian election hackers

The domains mimicked Senate staff and two conservative think tanks

Microsoft has seized six phishing domains that belong to Russian government hackers, the company announced today. The domains were registered by Russia’s GRU intelligence agency, which is also alleged to have stolen and leaked emails from the Clinton campaign in 2016.

The domains appear to be aimed at spoofing government targets, including addresses like “senate.group” and “adfs-senate.email.” Others mimic the domains of the International Republican Institute and the Hudson Institute, which are conservative think tanks that have been critical of President Trump. Presumably, the group intended to use the superficial similarity of the domains to aid in a phishing attack, sending targets malware-laced emails that masquerade as messages from colleagues.

“To be clear, we currently have no evidence these domains were used in any successful attacks before the DCU transferred control of them,” Microsoft president Brad Smith said in a statement. “Nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains.”

Still, the domains are a reminder that Russian influence efforts are ongoing and may yet play a role in the midterm elections in November. The broader pattern of phishing is similar to Russia-linked campaigns in advance of the 2016 election in the US and the 2017 election in France. In those instances, phishing attacks were used to steal documents that could later be leaked for political effect.

President Trump has consistently cast doubt on Russia’s involvement in the DNC hacks, despite an intelligence community assessment in December 2016 that attributed the attacks to agents of the Russian government. At the Helsinki summit in July, Trump declined to confront Russian president Vladimir Putin on the hacking campaign, simultaneously accepting and rejecting the idea that Russia was involved in the DNC hack.

“I accept our intelligence community’s conclusion that Russia’s meddling in the 2016 election took place,” Trump said when pressed on the issue by reporters. “Could be other people also. There’s a lot of people out there.”