Microsoft seized six fake domains that mimic the websites of prominent political organizations located in the United States.
On 20 August, the Redmond-based tech giant revealed that its Digital Crimes Unit (DCU) had successfully executed a court order to take control of six fake domains created by Fancy Bear. Also known as “Strontium” and “APT28,” Fancy Bear is one of the Russian digital crime groups that infiltrated the Democratic National Convention’s computer network during the lead-up to the 2016 U.S. presidential election and stole opposition research on then-Republican presidential nominee Donald Trump.
The Russian threat actor designed its fake domains to impersonate prominent U.S. political organizations. Among its targets were the International Republican Institute, an organization for which well-known Republican Senators including John McCain and Marco Rubio serve as board members, and the Hudson Institute, a conservative think tank known for its discussions on a range of topics including digital security. In addition, two of the domains targeted the U.S. Senate.
Microsoft said it has no evidence suggesting Fancy Bear leveraged those domains to conduct attacks. It also clarified that it doesn’t know whom Strontium was thinking about targeting at those entities.
Following its seizure of the domains, the tech giant notified both the International Republican Institute and Hudson Institute while continuing to monitor domain activity associated with the Senate IT staff. But Brad Smith, president and chief legal officer of Microsoft, said company officials are still concerned by what they perceive as a broadening range of activities by APT28. As he wrote in a blog post:
As a special master appointed by a federal judge concluded in the recent court order obtained by DCU, there is “good cause” to believe that Strontium is
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/microsoft-seized-six-fake-domains/