Spoofed Domains Target U.S. Senate and Political Organizations

In a blog post, Microsoft's president disclosed that the company has identified six spoofed domain names created by the hacking group Fancy Bear (also known as Strontium or APT28).

Who Are They Targeting?

Two of the domains mimic the websites of political think tanks and nonprofits, the Hudson Institute and the International Republican Institute.

Three others appear to be related to the U.S. Senate's email and to Active Directory Federation Services (AD FS), the system that handles user identity and authentication. Another could be mistaken for OneDrive, the cloud-based file storage service in Microsoft's own Office 365.

Microsoft has executed a court order to gain control of the domains. While Microsoft hasn't identified an actual attack using them yet, it has expressed concern about the recent activity targeting political groups and elected officials.

What Are the Threats?

Spoofed sites present a number of threats to politicians and to any user who visits the fake domains.

  • Drive-by download. Simply by visiting a malicious site, a user can unintentionally download malware onto their computer. An exploit kit hosted on the site lets attackers run code that checks the visitor's operating system, web browser, plugins and so on for vulnerabilities before launching malware.
  • Credential or other data theft. For example, on sites pretending to be the email, single sign-on or cloud-based file systems associated with the U.S. Senate, attackers could present a convincing login form that steals Senators' credentials, giving attackers access to any account protected only by a password.
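The domains described above work because a label such as "adfs" or "senate" appears inside an address the organization does not own. One defensive check that follows from this is to screen newly registered or newly observed domains for labels that resemble your own names. The code below is an added example written for this post, not Duo's or Microsoft's code; the keyword list, the allowlist of legitimate domains and every domain it is run against are constructed placeholders, not the six domains from Microsoft's post. It goes slightly beyond the post by also catching one-character typos and digit-for-letter substitutions.

```python
"""Flag domains whose labels resemble a protected organization's own names.

Added example for this post. All keywords, allowlisted domains and sample
domains are constructed placeholders, not real seized or registered domains.
"""

import re

# Constructed watch list: names an organization wants to be alerted on.
PROTECTED_KEYWORDS = ["senate", "adfs", "onedrive", "office365", "hudson", "iri"]

# Constructed allowlist: domains the organization legitimately owns. These and
# their subdomains are never flagged.
LEGITIMATE_DOMAINS = {"senate.gov", "hudson.org", "iri.org", "onedrive.live.com"}

# Single-character substitutions commonly used to make a look-alike label.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize_label(label):
    """Lowercase a label and undo the most common look-alike substitutions."""
    label = label.lower().translate(HOMOGLYPHS)
    return label.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance; labels are short, so the full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reasons(domain, keywords=PROTECTED_KEYWORDS, legit=LEGITIMATE_DOMAINS):
    """Return the reasons a domain resembles a protected keyword ([] if none).

    Every dot- or hyphen-separated label is checked, so both
    'adfs-senate.example' and 'login.senate-mail.example' are caught.
    Exact legitimate domains and their subdomains are allowed through.
    """
    domain = domain.lower().rstrip(".")
    if domain in legit or any(domain.endswith("." + d) for d in legit):
        return []

    # Keywords are normalized the same way as labels so that e.g. the
    # digits in "office365" compare consistently on both sides.
    normalized_keywords = [(kw, normalize_label(kw)) for kw in keywords]
    reasons = []
    for token in re.split(r"[.-]", domain):
        if not token:
            continue
        norm = normalize_label(token)
        for kw, kw_norm in normalized_keywords:
            if norm == kw_norm:
                reasons.append(f"{token!r} matches keyword {kw!r}")
            elif len(kw) < 4:
                # Very short keywords (e.g. "iri") only match a whole label,
                # otherwise they would flag far too many ordinary words.
                continue
            elif kw_norm in norm:
                reasons.append(f"{token!r} contains keyword {kw!r}")
            elif edit_distance(norm, kw_norm) == 1:
                reasons.append(f"{token!r} is one edit away from {kw!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample feed of newly observed domains.
    for d in ["senate.gov", "adfs-senate.example", "0nedrive-login.example",
              "senat.example", "hudsonorg-files.example", "weather.example"]:
        print(d, "->", lookalike_reasons(d) or "ok")
```

Run over a feed of newly registered domains or a proxy's observed-hostname log, the non-empty results are the candidates worth a takedown request or a block-list entry. The allowlist is essential: without it the organization's own `senate.gov` would be the first thing flagged.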

Protecting Accounts

Installing the latest security updates can help political officials and organizations make their systems more secure and protected against vulnerabilities and potential malware infection.

Half the battle is getting visibility into which devices are out of date, as well as which devices are actually connecting to your network, applications and data.

Duo's Device Insight and Trusted Endpoints give you insight into mobile devices, laptops and desktops alike, and let you define and manage access to applications with device access policies. That way, risky or potentially compromised devices are not allowed to reach your resources.

Using multi-factor authentication on every account login, from email to single sign-on (SSO) to AD FS, also blunts credential theft and brute-force password attacks, since a stolen or guessed password alone is no longer enough to get in.

Learn more about Duo + Microsoft, including how to protect access to both on-premises and cloud-based Microsoft applications, securely migrate to the Microsoft cloud with native integrations, protect your Exchange and Office 365 accounts and more.

Thu Pham

Information Security Journalist

@Thu_Duo

With seven years of experience in tech and information security, Thu covers timely news events, contextualizing security information to make it easy to understand.