Microsoft Says Russians Tried to Hack Senate and Think Tanks

Operation used domain names similar to the Senate and two conservative institutions

Sen. Dan Sullivan, R-Alaska, is chairman of the board of directors for International Republican Institute. Microsoft said the think tank was targeted by Strontium, also referred to as “Fancy Bear,” which is associated with Russian intelligence. (Tom Williams/CQ Roll Call file photo)

Microsoft announced late Monday that it thwarted a spearphishing attack against the U.S. Senate by a group affiliated with Russian intelligence.

In a statement, the tech giant said its digital crimes unit “executed a court order to disrupt and transfer control of six internet domains created by a group widely associated with the Russian government.”

The group is known as Strontium, Fancy Bear and APT28 and was also recently named in an indictment from special counsel Robert S. Mueller III’s investigation into Russian interference in elections, NBC News reported

Microsoft said the transfer control showed Strontium targeted the U.S. Senate but wasn’t specific about which offices were targeted. 

Strontium also appeared to target conservative think tanks the Hudson Institute and the International Republican Institute.

Hackers used domains similar to those of the institutions in an apparent attempt to get access to information like passwords and other data, Microsoft said.

The International Republican Institute’s board of directors includes hawkish Republican Sens. John McCain, Tom Cotton, Joni Ernst, Lindsey Graham, Marco Rubio and Dan Sullivan, who is chairman.

Former Sens. Kelly Ayotte and Mark S. Kirk, former Republican presidential nominee and and Utah Senate candidate Mitt Romney, and former national security adviser Gen. H.R. McMaster are also board members.

“To be clear, we currently have no evidence these domains were used in any successful attacks before [Microsoft’s Digital Crimes Unit] transferred control of them, nor do we have evidence to indicate the identity of the ultimate targets of any planned attack involving these domains,” the statement said.

Microsoft said it informed the two think tanks and both responded quickly.

Missouri Democratic Sen. Clair McCaskill announced last month that one of her staffers had been the target of a Russian phishing attack that was unsuccessful. A similar operation in 2016 was successful in accessing the files of Hillary Clinton presidential campaign chairman John Podesta.

“Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France,” Microsoft said in its statement, which was written on a blog on its website by its president, Brad Smith.

Watch: McConnell Warns Russians to Keep Out of Elections, Schumer Wants More Than Words

Get breaking news alerts and more from Roll Call on your iPhone or your Android.