“Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks,” Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum.
“And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections,” he added.
Burt said that Microsoft and the government were able to take the domain down and block the phishing messages.
The executive did not disclose the names of the candidates targeted but said they were “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.”
Hackers used a similar strategy to make their way into Democratic National Committee servers in 2016.
Burt did not specify if Microsoft believed the hackers were Russian. He did, however, say that analysts had reported fewer instances of Russian hacking attempts than in 2016.
“The consensus of the threat intelligence community right now is that we’re not seeing the same level of activity by the Russian activity groups,” he said. “We don’t see the activity of them trying to infiltrate think tanks and academia and in social networks to do the research that they do to build the phishing attacks.”
Burt noted though “that doesn’t mean we’re not going to see it. There’s a lot of time left before the election.”