Microsoft Says It Stopped Cyberattacks on Three 2018 Candidates

-A +A

(July 20): Microsoft Corp. said it identified and stopped attempts to launch cyberattacks on three 2018 congressional candidates using a phony version of its website.

The targets, who it didn’t identify, were “all people who because of their positions might have been interesting from an espionage standpoint, as well as an election disruption standpoint,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said at the Aspen Security Forum in Colorado on Thursday.

Burt described the attacks after President Donald Trump first cast doubt on the U.S. intelligence finding that Russia interfered in the 2016 election and then backed the assessment. Director of National Intelligence Dan Coats reaffirmed the consensus conclusion of U.S. spy agencies that Russia meddled in the presidential election and said Vladimir Putin’s government is engaged in “ongoing, pervasive efforts to undermine our democracy.”

Burt said the attackers tried to use a phony Microsoft web page to make “phishing” attacks on the candidates. Working with the government, Burt said the company removed the internet domain and prevented the attacks from succeeding.

He said that Microsoft saw the same tactic attempted during the 2016 Democratic Convention in Philadelphia, at which the company provided protection.

Burt identified the group behind the 2016 attempt as APT28, a hacking group in Russia, which U.S. intelligence officials consider to be run by the G.R.U., Russia’s military intelligence agency. He said that, in 2016, Microsoft took down a total of 90 domains run by APT28.

A Facebook Inc. executive on the same panel at the Aspen conference said that in April, the company removed a few hundred pages on the service controlled by the St. Petersburg-based Internet Research Agency, which has been indicted by Special Counsel Robert Mueller for an alleged social media campaign aimed at interfering in the 2016 election.

Monika Bickert, Facebook’s head of product policy and counterterrorism, said the accounts were spreading Russian language advertisements in Russian-speaking countries. - Bloomberg