The Department of Homeland Security will hold a conference call for Microsoft representatives to brief state election officials on new evidence showing Russian hackers have targeted the U.S. Senate and conservative think tanks, according to senior DHS cybersecurity adviser Matthew Masterson.
The goal will be to turn Microsoft’s observations into actionable security advice for state officials as the November midterms approach. The conference call, which Masterson said had not been scheduled yet, will be an opportunity for state officials to study the latest techniques from the Russian hacking group, often known as Fancy Bear, that breached Democratic Party organizations in the 2016 U.S. presidential campaign.
Speaking to reporters Tuesday, Masterson said Microsoft’s takedown of internet domains allegedly set up by Fancy Bear showed “a growing interaction and relationship that we have with industry.” Asked if he anticipated that private companies would need to take similar action in the future, Masterson said the Russian government-backed cyber activity “is ongoing and so I would hope and anticipate that these kind of responsible actions by the private sector will continue.”
Late Monday, Microsoft revealed that it had executed a court order to seize six domains from the Russian hackers, including ones that mimicked websites associated with the Senate and think tanks International Republican Institute and the Hudson Institute.
“We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections,” Microsoft President Brad Smith wrote in a blog post.
DHS held a similar call earlier this month with Facebook representatives and state officials after the social-media giant identified an “inauthentic” and coordinated political influence campaign on its platform.
Last week, DHS hosted an unprecedented election security exercise in which officials from 44 states walked through a multi-faceted cyberattack scenario that included spearphishing and denial-of-service attacks on board of election websites.
Masterson told CyberScoop that the drill helped state officials realize the extent of support that county personnel need to bolster their security.
“The state officials that had county officials with them in the room…really gained a better understanding of the level of support and information-sharing that the counties need,” Masterson said.