ITP Sites:   ITP Site|TechBlog|TechHub in schools|NZ CloudCode|All Tech Events|Software Escrow NZ

ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Home

Microsoft moves to shut down alleged Russian phishing sites

Paul Brislen, Editor. 22 August 2018, 7:10 am

Microsoft says it has blocked an attempted attack on the US Senate and a conservative think tank ahead of mid-term elections in November.

The attack was conducted apparently by the group known as Fancy Bear, the Russian group with ties to the attack on the Democratic National Committee in 2016. The group is said to have ties with the Russian GRU intelligence agency, a claim the Russian government denies.

Microsoft seized six phishing domains that appear to be aimed at spoofing US government targets. Addresses include "senate.group" and "adfs-senate.email." 

In a statement, Microsoft president Brad Smith says the company had no evidence the domains had been used in any successful attacks to this point.

"Nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains." However, the company seized the domains as they follow a familiar pattern of activity.

"We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group. Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit. The sites involved in last week's order fit this description."

There has been no comment from the Trump administration on the matter at this point.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio