Microsoft Investigates Fancy Bear

By Michael Fiorito, MDS

According to Microsoft, a cyber attack suspect linked with the Russian intelligence service has reappeared in the months leading up to the U.S. midterm elections. Microsoft announced overnight that last week it executed a court order to disrupt six fraudulent websites set up by a hacker group known by many names — most often APT28, but also Fancy Bear or Strontium, among others.

This hacking unit has been associated with the Russian spy agency GRU and blamed for a number of high-profile hacks across the world in recent years — including the breaches of the Democratic National Committee’s network during the 2016 presidential election.

Why is Microsoft so interested in investigating these hacks? Microsoft says the group established a half-dozen domains meant to be confused with two conservative groups, the U.S. Senate and even Microsoft’s own suite of products. Two of those targets, the nonprofit International Republican Institute and the Hudson Institute research center, have often criticized the Kremlin.

Microsoft reported that the International Republican Institute and the Hudson Institute were targeted with my-iri.org and hudsonorg-my-sharepoint.com, and that three domains — senate.group, adfs-senate.services and adfs-senate.email — mimicked the Senate. Microsoft itself appears to have been the focus of office365-onedrive.com.

Microsoft notes that it has “no evidence” to indicate the domains were used in any successful attacks, or to conclusively determine their ultimate object.

“Remember, Microsoft is managing one of the largest corporate email programs in the world,” Elizabeth Dwoskin of The Washington Post tells NPR’s Morning Edition. “When you open up your email and you click on a link — you think it’s an email from a trusted person, and then you’re taken to a website that is loaded up with malware and it’s going to take your credentials.”