Fancy Bear, a hacking group linked to Russian military intelligence, targeted a Washington think tank, the Center for Strategic and International Studies, CNN has learned.
The same Russian group is believed to behind the hack of the Democratic National Committee in 2016.
A court in Virginia gave Microsoft control of a group of websites that were intended to look like login sites for the think tank’s internal systems, court filings Wednesday show.
Hackers could have used the website domains to set up fake login pages or send emails to people who work with or have Center for Strategic and International Studies email addresses in an attempt to trick them into handing over information, like their passwords.
Hackers successfully used this form of attack, known as spearphishing, to target Hillary Clinton’s campaign chairman John Podesta in 2016.
Andrew Schwartz, the think tank’s chief communications officer, would not comment on whether any information had been accessed. There is no indication from the court filings that the hackers’ attempts were successful.
The court said the websites qualified as “Strontium Domains.” Strontium is another name for Fancy Bear. The group is also known by other monikers, including APT28.
A number of high-profile individuals are associated with the Center for Strategic and International Studies, including former Secretary of State Henry Kissinger.
Schwartz told CNN, “CSIS is under consistent cyberattack from a variety of state actors. We spotted this incident immediately and were able to work with Microsoft to put a stop to it.”
The domains that were designed to look like they were run by the think tank were LOGIN-CSIS.ORG, CSIS.EVENTS, CSIS.EXCHANGE and CSIS.CLOUD.
Tom Burt, Microsoft’s corporate vice president for customer security and trust, told CNN in a statement on Wednesday, “This is part of our ongoing work to protect customers and democratic processes and institutions. We’ve used this approach 13 times in the last two years to shut down 89 fake websites.”
Last August, the same court in Virginia gave Microsoft control of websites targeting the Senate and two other DC think tanks, the Hudson Institute and the International Republican Institute. Microsoft argued in court that the sites had been posing as some of the company’s services.
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” Brad Smith, Microsoft’s president, wrote in a blog post at the time.