Microsoft recently stopped an effort to hack three US candidates up for election this year.

The attack relied on a spoofed Microsoft domain to target the candidates' campaign, company vice president Tom Burt said during a panel session at the Aspen Security Forum on Thursday.

"Earlier this year we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," he said. "We saw metadata that suggested those phishing attacks were being directed at three candidates."

Burt didn't go into details, but phishing attacks usually involve hackers sending an email to the recipients, with the goal of tricking them into visiting a webpage designed to secretly install malware or fool someone into giving up their passwords.

Fortunately, in this case, Microsoft seized the domain before the attack could infect any computer. Although Burt declined to name the candidates targeted, he said: "They were all people, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint."

Burt raised the issue when talking about Microsoft's efforts to stop Russian state-sponsored election meddling. During the 2016 presidential election, the company's security teams noticed what many believe to be a Russian hacking group target Democrats using spoofed Microsoft domain names, Burt said.

Microsoft's reveal comes as US officials warn that Russian actors will try to interfere with the 2018 mid-term elections and the country's critical infrastructure.

So far, Burt said Russian efforts to meddle with the 2018 mid-terms, haven't matched the level of activity the company saw during the 2016 election, which involved attacks on think tanks and academia and using social networking services to research potential targets.

"It doesn't mean weren't not going to see it," he added. "There's a lot of time left until the election."

Further Reading

Security Reviews