The campaigns of three candidates in the midterm elections were targeted in a phishing attack similar to the ones targeting the Clinton campaign in 2016, a top Microsoft executive said Thursday.
Microsoft could not identify the campaigns targeted and said no individuals were infected by the attack. The tactics were similar to those outlined in the indictment from special counsel Robert Mueller against Russian GRU operatives.
“They were all people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint,” Tom Burt, Microsoft’s corporate vice president for customer security and trust, said during a panel discussion at the Aspen Security Forum focused on election security issues.
The attempted hackers registered fake Microsoft web domains to serve as a landing page for phishing attacks. Similar tactics were used in 2016 during the Republican and Democratic conventions, though the company did not identify them as being orchestrated by the Russian government, Burt said.
Microsoft has made it a priority to identify such phishing attempts and used a novel legal strategy to prevent them from being successful, quickly seeking court orders to transfer the fake domains to what Burt called a “Microsoft-controlled sinkhole.” He said Microsoft has been working with other large technology firms to share intelligence about such threats.
In the same panel, Assistant Homeland Security Secretary Jeanette Manfra, whose portfolio includes election security issues, said that while there has been a “concerning increase” in attempts by foreign states to infiltrate critical U.S. infrastructure, there were no indications that it included elections infrastructure.
“While we see Russians continuing to attempt to influence and undermine our democracy, we’re not seeing the targeting of the actual state and local elections systems that we saw in 2016 right now,” Manfra said.