The digital crimes unit at Microsoft Corp. (NASDAQ: MSFT) reported on Monday that it had last week shut down six potentially dangerous internet domains that had been set up by a Russia-based hacking group known as Fancy Bear, or, variously, as APT 28 and Strontium. The company acted after receiving a court order to take control of the domains, a security tactic known as “sinkholing.” Once a domain has been sinkholed, the hackers no longer own it nor do they have access to it.
In a post on Microsoft’s corporate blog, President Brad Smith noted that this is the 12th time in two years that the company has executed court orders to shut down 84 fake websites associated with Fancy Bear or, in this case, Strontium.
The six domains that were shut down were:
Smith said that the federal court-appointed special master concluded in his order to sinkhole the domains that there is “good cause” to believe that Strontium is “likely to continue” seeking to disrupt the U.S. elections coming in November. Smith also warned of more attacks:
Despite last week’s steps, we are concerned by the continued activity targeting these and other sites and directed toward elected officials, politicians, political groups and think tanks across the political spectrum in the United States. Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France.
Microsoft is also expanding its existing Defending Democracy Program, introducing a new initiative called AccountGuard that provides “state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack.” The technology is available at no charge to candidates for public office, campaigns and related political institutions that use Office 365.