BOSTON -- The Russian military intelligence unit that sought to influence the 2016 election appears to have a new target: conservative American think tanks that have broken with President Donald Trump and are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights.

In a report scheduled for release today, Microsoft Corp. said that it detected and seized websites that were created in recent weeks by hackers linked to the Russian unit formerly known as the GRU. The sites appeared meant to trick people into thinking they were clicking through links managed by the Hudson Institute and the International Republican Institute, but were secretly redirected to Web pages created by the hackers to steal passwords and other credentials.

Microsoft also found websites imitating the U.S. Senate, but not specific Senate offices or political campaigns.

The shift to attacking conservative think tanks underscores the Russian intelligence agency's goals: to disrupt any institutions challenging Moscow and President Vladimir Putin of Russia.

The Hudson Institute has promoted programs examining the rise of kleptocracy in governments around the world, with Russia as a prime target. The International Republican Institute, which receives some funding from the State Department and the U.S. Agency for International Development, has worked for decades in promoting democracy around the world.

"We are now seeing another uptick in attacks. What is particular in this instance is the broadening of the type of websites they are going after," Microsoft's president, Brad Smith, said Monday in an interview.

"These are organizations that are informally tied to Republicans, so we see them broadening beyond the sites they have targeted in the past," he said.

The International Republican Institute's board of directors includes several Republican leaders who have been highly critical of Trump's interactions with Putin, including a summit meeting last month between the two leaders in Helsinki.

Among them are Sen. John McCain of Arizona; Mitt Romney, a former presidential candidate; and -- though he was silent on Trump's appearance in Helsinki -- Lt. Gen. H.R. McMaster, who was replaced in the spring as the White House national security adviser. McMaster, who is now retired, had been the author of the national security strategy that called for treating Russia as a "revisionist power" and confronting it around the world.

"This is another demonstration of the fact that the Russians aren't really pursuing partisan attacks, they are pursuing attacks that they perceive in their own national self-interest," Eric Rosenbach, the director of the Defending Digital Democracy project at Harvard University, said Monday. "It's about disrupting and diminishing any group that challenges how Putin's Russia is operating at home and around the world."

The State Department has traditionally helped fund both Republican and Democratic groups that engage in promoting democracy.

Daniel Twining, president of the International Republican Institute, called the apparent spear-phishing attempt "consistent with the campaign of meddling that the Kremlin has waged against organizations that support democracy and human rights."

"It is clearly designed to sow confusion, conflict and fear among those who criticize Mr. Putin's authoritarian regime," Twining said in a statement.

The goal of the Russian hacking attempt was unclear, and Microsoft was able to catch the spoofed websites as they were set up.

But Smith said that "these attempts are the newest security threats to groups connected with both American political parties" ahead of this fall's election.

"The Russians are seeking to disrupt and divide," he said. "There is an asymmetric risk here for democratic societies. The kind of attacks we see from authoritarian regimes like Russia are seeking to fracture and splinter groups in our society."

Senior U.S. intelligence officials have also warned that the midterm elections will be targeted by foreign governments looking to influence American voters.

Last month, in a report first released to members of Congress, Facebook revealed that it had discovered and eliminated an influence operation aimed at fueling divisions among Americans by targeting progressive groups. Facebook stopped short of naming Russia as the culprit of that campaign, although the social media company pointed to similarities between the influence operation and previous work by the Russian state-linked Internet Research Agency.

WEBSITE FAKERY

The attempt revealed by Microsoft mirrored efforts by Russian state-backed hackers ahead of the 2016 presidential election.

After the 2016 vote, a number of cybersecurity companies discovered websites that had been created by Russian hackers to spoof, or mimic, those of well-known institutions. Among the think tanks targeted were the Council on Foreign Relations and Eurasia Group, both headquartered in New York, the Center for a New American Security in Washington, Transparency International in Berlin and the London-based International Institute for Strategic Studies.

A single letter, or even a punctuation mark, was often the only difference between the real and fake websites.

The fake websites were used as the conduit for a number of attacks, including persuading victims to download harmful malware or reveal passwords and other personal information. But for the past year Microsoft has grown increasingly aggressive in countering them.

In 2016, a federal judge in Virginia agreed that the group Microsoft calls "Strontium" and others call "APT 28" for "advanced persistent threat," would continue its attacks. The judge appointed a "special master" with the power to authorize Microsoft to seize fake websites as soon as they are registered. As a result, the hackers have lost control of many of the sites only days after creating them.

But it is a constant cat-and-mouse game, as the Russian hackers seek new vectors of attack while Microsoft and others seek to cut them off.

"These attacks keep happening because they work. They are successful again and again," said Thomas Rid, a professor of strategic studies at Johns Hopkins University, who doubts whether anyone can stay ahead of the hackers.

Last month, Microsoft announced that it had detected and helped block similar cyberattacks against two senators who are up for re-election. Sen. Claire McCaskill, D-Mo., acknowledged that her campaign was one of them.

Microsoft says it is now expanding its effort to help political candidates counter foreign influence. It is starting an initiative it calls AccountGuard to bolster protections to candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations.

With the midterms less than three months away, Microsoft said greater cooperation was needed between tech companies and the federal government over efforts to meddle in the U.S. elections.

"Over the last year the larger tech companies, in particular, have put into place stronger information sharing practices where we have seen these threats emerge," Smith said. "Those agreements, however, are informal."

A Section on 08/21/2018