Kevin Poulsen reports in the Daily Beast that Robert Mueller’s indictment of 12 Russian intelligence officers contains the name of the author of X-Agent, the malware used to hack the DNC during the 2016 election campaign. It is Lt. Cap. Nikolay Yuryevich Kozachek, who works for the GRU, the Main Intelligence Directorate of the Russian Army, as part of their project code-named Fancy Bear.
In a widely publicized lie this week, President Trump denied that Russia is still targeting US elections. This is part and parcel of Trump’s longstanding participation in the Russian disinformation campaign targeting US voters. In reality, the GRU has been gearing up for the 2018 midterms for some time and is already on the attack. Although the US government has said little about the details, Microsoft VP of security Tom Burt recently revealed that earlier this year Microsoft discovered a fake Microsoft domain used for phishing attacks, targeting three US candidates for election this year. Shaun Nichols reports in The Register that Burt declined to name the three candidates due to privacy concerns. Nichols goes on to give some good advice:
[S]ecuring your Microsoft Office 365 accounts with multi-factor authentication is crucial, to help thwart password phishing attempts
This advice should be carved onto the foreheads of anybody doing any campaigning or election work this year. If your organization is not already using multi-factor authentication (MFA), it is just asking the Russians to hack in. Get serious. It doesn’t matter whether you’re using software from Microsoft, Apple, Google, or anybody else: if you’re not using MFA you are asking for trouble. (And don’t use low-quality MFA, such as sending a number to a cell phone; that’s too easy to spoof.)
Microsoft’s recent announcement is not a new effort. They’ve been after Fancy Bear’s operations for two years, ever since the DNC break-ins were announced; see Kevin Poulsen’s report a year ago in the Daily Beast. Although Microsoft will keep trying, Fancy Bear has countermeasures and you cannot rely on Microsoft’s efforts to save you, nor can you rely on the Trump administration, obviously. Defend yourself with MFA. It’s not the only countermeasure, but for most of us it’s the most crucial one.