State-sponsored Russian hackers who broke into Democratic National Committee emails before the 2016 election are now targeting anti-Trump Republicans.
Microsoft said it took down six websites linked to the Russian state including two designed to look like the homepages of the International Republican Institute and the Hudson Institute.
The hoax pages are intended to dupe users into entering their usernames and passwords for the real webpages, so the credentials can be used during attacks.
The International Republican Institute and the Hudson Institute are GOP think-tanks which have openly criticized Trump while seeking further sanctions against Moscow.
They have also worked to expose the shady dealings of Russian oligarchs and push for increased human rights.
Another target for their criticism was the two-hour closed-door meeting between Trump and Putin in Helsinki.
Other websites created by the hackers included three which mimicked US Senate websites and another which aped the Microsoft Office 365 login page.
Microsoft named the group behind the pages as Strontium, also known as Fancy Bear or APT28, which has links to the Russian military group GRU.
The attack used is known as spear-phishing and is the same kind of attack used to get into the emails of former DNC chair John Podesta.
Microsoft said: “We’re concerned that these and other attempts pose security threats to a broadening array of groups connected with both American political parties in the run-up to the 2018 elections.”
A federal grand jury in the U.S. indicted 12 Russian intelligence officers earlier in July on charges of hacking the computer networks of 2016 Democratic presidential candidate Hillary Clinton and the Democratic Party.
Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether the campaign of Donald Trump colluded with Moscow.
Russia denies meddling in the elections and Trump has denied any collusion.