Microsoft claims win over 'Russian political hackers'
Russian attempts to launch cyber-attacks against US conservative groups have been thwarted, Microsoft says. The software company said Russian hackers had tried to steal data from political organisations, including the International Republican Institute and the Hudson Institute think tanks. But they had been thwarted when its security staff had won control of six net domains mimicking their websites.
Microsoft said the Fancy Bear hacking group had been behind the attacks. "We're concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections," Microsoft said in its blog detailing its work.
The thwarted attack was likely the start of a "spear phishing" campaign, said Microsoft. This would involve tricking people into visiting the mimicked domains allowing the Fancy Bear group to see and steal login information that people use. As well as the two think-tanks, the domains seized were associated with several Senate offices and services. One domain sought to mimic Microsoft's Office 365 online service.
Russia has denied Microsoft's allegations that it targeted the right-wing think-tanks.
Also at NYT, Reuters, and The Hill.
(Score: 3, Interesting) by Gaaark on Tuesday August 21 2018, @11:31PM (1 child)
Yes, I think it's ridiculous that office365 will accept a password such as, say, Welcome4.
GOOD security there, MS....good security.
Can't wait to hear the 365 servers were hacked: I'll laugh and laugh!
(but MS won't probably ever tell if THAT happens.)
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by Runaway1956 on Wednesday August 22 2018, @02:51AM
My company isn't the same one to use Welcome16 as a password?
Seriously - every x number of days, the password must be changed. It increments by 1 each time. FFS, how long does it take to "brute force" a password when you know exactly what form that password takes? You don't even need software to do it.