U.S. candidates, campaigns and political groups are facing a resurgence of attempted cyberattacks from hackers, including the Russians accused of disrupting the 2016 presidential election, Microsoft said Tuesday.
The announcement — the latest sign that this year’s midterms remain under threat as well — came as the tech giant said it will offer politicians and political organizations free help in repelling email-based hacks.
“In the face of this continuing activity,” the company said in a blog post Tuesday, “we must work on the assumption that these attacks will broaden further.”
Last week, Microsoft received a federal court’s permission to take down malicious websites that mimicked the login pages of the Senate, Microsoft’s own Office 365 email platform and two conservative think tanks, the International Republican Institute and the Hudson Institute.
Using these websites, hackers working for the Kremlin-linked group Fancy Bear tried to trick their targets into handing over their passwords. The same group, tied to Russian military intelligence, has been blamed for the thefts and distribution of emails and other sensitive documents from the Democratic Party and Hillary Clinton’s campaign aides two years ago.
Microsoft said it will offer detailed, personalized notifications about specific cyberattacks.
Microsoft said it had no evidence that the Russians successfully hacked anyone using the sites it took down last week. But it said it was “concerned that these latest attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
In response, Microsoft said it will offer detailed, personalized notifications about specific cyberattacks, as well as more general network and email security briefings, to “all candidates and campaign offices at the federal, state, and local level, as well as think tanks and political organizations we now believe are under attack,” Microsoft said.
“When verifiable threats are detected, Microsoft will provide personal and expedited recommendations to campaigns and campaign staff to secure their systems,” the company said.
The announcement comes shortly after news about successful hacks of two Democratic congressional campaigns, one of which had no security staff and could not afford to hire a security firm to investigate the incident.
Russian intelligence officers used a fake email login page in March 2016 to hack Hillary Clinton campaign chairman John Podesta, according to an indictment from special counsel Robert Mueller. More recently, Russia used the fake sites to target staffers for Sen. Claire McCaskill (D-Mo.), according to the Daily Beast.
Microsoft did not name McCaskill but said it detected “attacks … on the staffs of two current Senators” several months ago, something Microsoft executive Tom Burt mentioned at a recent conference, though he originally said it was three offices.
After spotting the fake Senate, IRI and Hudson websites, Microsoft notified all three entities. The company has been working with Senate IT staffers since its earlier discovery of the attacks on the two Senate offices.
“We are concerned by the continued activity toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States,” Microsoft said, describing the Russian hacking as mirroring “the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.”
In the past two years, Microsoft has received 12 court orders to take down 84 Fancy Bear websites.
In order to provide free services to registered political candidates, companies must receive permission from the Federal Election Commission. Microsoft is sending the FEC a letter Tuesday requesting that permission.
The company said it would expand its new campaign protections to other countries “in the coming months.”