On August 20, 2018, Microsoft announced it identified an attempt to steal data from NGOs and think tanks in the United States, including the International Republican Institute (IRI) and the Hudson Institute. Microsoft traced the attack to Russian military intelligence agency (GRU)-connected Fancy Bear, or APT28. The group was apparently laying the groundwork for a spear phishing campaign by mimicking the targets’ websites to obtain user login information. In addition to the think tanks, Microsoft identified and seized spoofed domains “associated with several Senate offices and services.”