Microsoft says Russia was behind several major US political group hacks
Microsoft has warned that Russian state actors are ramping up cyberattacks ahead of the US congressional elections in November.
The software giant said it had caught and shut down a number of web domains masquerading as websites belonging to the US Senate, two think tanks and its own cloud storage service in the last week. Hackers use these sites to trick users into providing their login details to confidential systems such as email accounts.
Microsoft’s president Brad Smith specifically attributed these attacks to a group known as Fancy Bear, also called Strontium and APT28, that is linked to the Russian government. The Kremlin later denied the allegations.
"We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections," wrote Smith in a blog post.
"There is 'good cause' to believe that Strontium is 'likely to continue' its conduct. In the face of this continuing activity, we must work on the assumption that these attacks will broaden further."
Russia’s Foreign Ministry called Microsoft’s decision to take part in the “witch hunt” against the country “regrettable [for] a large international company, which has been working in the Russian market for a long time”.
However, some cybersecurity specialists cast doubt on the news from Microsoft, calling the recent APT28 activity "nothing special".
Thomas Rid, professor of strategic studies at Johns Hopkins School of Advanced International Studies, said the attacks looked like "run-of-the-mill spying". Several others noted that APT28 and other foreign hacking groups have targeted US political organisations for more than a decade.