Microsoft Sinkholes 6 Fancy Bear/APT28 Internet Domains

In a sign that US security experts and officials this election season are on high alert for potential Russian hacking and meddling during the midterms, Microsoft today revealed that it has taken over six potentially malicious Internet domains set up by the nation-state hacking team Fancy Bear, aka APT 28, Pawn Storm, and Strontium.

The sinkhole operation shutting down the domains appears to have disrupted the early stages of a possible cyberattack campaign. Microsoft president Brad Smith said there was no indication that the attackers had used the domains in any full-blown attacks, nor were they able to discern the actual targets Fancy Bear may have been after by using these domains.

The domains provide a sneak-peek at some of types of targets the Russian nation-state hacking team, which is believed to be the Russian military intelligence agency, GRU, was after: my-iri.org, which site poses as that of the International Republican Institute, a nonprofit with several high-profile politicians and government officials on its board including Sen. Marco Rubio (R-Fla.) and Gen H.R. McMaster; hudsonorg-my-sharepoint.com, which resembles the domain of the Hudson Institute, another conservative nonprofit that has sponsored events and written reports on Russian government corruption; and senate.group, adfs-senateservices, and adfs-senate.email, which appear to be spoofing US Senate websites and servers.