In December 2018, Russian military intelligence agency (GRU)-connected hacking group APT28 targeted the Center for Strategic and International Studies (CSIS), a Washington D.C. based think tank, according to court filings. The Daily Beast reported that APT28 hackers set up an array of fake websites mimicking CSIS internal cyberinfrastructure, designed to fool CSIS staffers into inputting their credentials, and a mail server mimicking CSIS systems. Microsoft, which initially identified the activity, also announced that APT28 hackers had set up a fake domain that seemed to mimic an internal login site for Radio Free Europe/Radio Liberty, a U.S. government-funded independent media outlet. Earlier in 2018, Microsoft identified a similar campaign linked to APT28 that targeted other U.S. think tanks and NGOs.