Weeks after Microsoft revealed it had detected Russian hackers targeting multiple 2018 campaigns (including Senator Claire McCaskill's), the company is announcing it found and disabled six spoof domains created by "a group widely associated with the Russian government." That group is known as APT28, Fancy Bear or Strontium, and has been tagged as responsible for some of the hacking that occurred prior to the 2016 presidential election.
Microsoft president Brad Smith wrote in a blog post that the company's Digital Crimes Unit used a court order to take control of these domains: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com. The IRI and Hudson URLs in particular could've been used to impersonate two conservative think tanks, although Microsoft said it has no evidence they've been used in successful attacks. Considering these domains in combination with other attempts Microsoft detected, Smith wrote: "Taken together, this pattern mirrors the type of activity we saw prior to the 2016 election in the United States and the 2017 election in France."