Microsoft Thwarts Russian Fancy Bear Hacker Group After It Attacks US Political Groups

There have been many concerns over the last few years that foreign entities have been interfering in elections. Microsoft is launching its AccountGuard initiative to protect elections and political campaigns from cyberattacks.

AccountGuard is a free program for candidates, campaign offices, and other political institutions that already use Office 365, and it covers both personal and organizational accounts. Microsoft will notify the person or organization if their accounts are threatened, will offer security advice and training, and will allow their customers to adopt previews of new programs.

Microsoft believes that AccountGuard is particularly relevant in light of their recent entanglement with Strontium (also known as Fancy Bear or APT28). This group is connected to the Russian government and is known for creating websites that copy existing political organizations in the United States and Europe. Microsoft’s Digital Crimes Unit (DCU) transferred control of six of the domains created by Strontium.

[Image: voting sign. Credit: Tom Arthur, via Wikimedia Commons]

One of these domains was made to resemble the website of the International Republican Institute, whose board of directors includes six American Republican senators. Another domain mimicked the website of the Hudson Institute. Microsoft claims that they do not have evidence that any of these latest domains were used in successful cyberattacks; nevertheless, they notified the relevant institutions of these fake websites.

Strontium was discovered in October 2014 and has been linked to cyberattacks against journalists, military wives, and a wide variety of political and military organizations. Several reports have accused the group of cyberattacking the United States Democratic National Committee (DNC), the Dutch government, and the 2016 German and French elections. They are known for using spear phishing emails, zero-day vulnerabilities, and malware websites.

Microsoft has battled against Strontium, or Fancy Bear, for several years. In 2017, Microsoft seized control of over 70 of Strontium’s domains. At the time, they estimated that Strontium still controlled more than 9,000 domain names. Microsoft tracked down the names and submitted 52 subpoenas and 46 informal inquiries abroad to take the domains down. AccountGuard will likely help Microsoft to work with political institutions directly and speed up the court process.

Microsoft’s AccountGuard initiative is part of their Defending Democracy Program. The program was launched this past April and seeks to “protect customers and promote cyberdiplomacy around the world.” They have launched the Cybersecurity Tech Accord alongside 44 other companies and are working to create stronger international laws.