Hackers from Russia, China, and Iran are targeting individuals and organizations involved in both Donald Trump and Joe Biden’s presidential campaigns, according to a new security report from Microsoft. The tech giant says the “majority” of the attacks it’s detected have been unsuccessful, but it’s working with targets who have been compromised.
Notably, Microsoft says that the Russian hacking group known variously as Fancy Bear, Strontium, or APT28, which successfully targeted Hillary Clinton’s presidential campaign in 2016, has returned to look for new targets in the upcoming 2020 election. President Trump downplayed Russia’s connection to the Clinton hackers throughout the 2016 campaign, and recent reports indicate he has actively suppressed US intelligence reporting on Russian threats to the US election.
Russian hackers who targeted Clinton are back for a swipe at Biden
Microsoft says Strontium has targeted more than 200 organizations in total, including political consultants working for both Republicans and Democrats and think tanks like The German Marshall Fund of the United States. According to a report from Reuters, the hacking group also targeted a campaign strategy and communications firm named SKDKnickerbocker that is working with Biden and other “prominent Democrats.”
Biden’s campaign confirmed to Reuters it was aware that a foreign actor had unsuccessfully tried to access “non-campaign email accounts of individuals affiliated with the campaign.” Reuters says Microsoft alerted Biden’s campaign to the attack.
In addition to attacks originating in Russia, Microsoft said hackers from China had targeted “high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign,” while hackers from Iran “continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign.”
Microsoft says the Chinese group, known as Zirconium or APT31, has successfully compromised nearly 150 targets. The Iranian group, known as Phosphorous or APT35, seems to have been less successful, with Microsoft saying it has tried and failed to “log into the accounts of administration officials and Donald J. Trump for President campaign staff.”
“Foreign activity groups have stepped up their efforts targeting the 2020 election”
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” writes Microsoft in a blog post. “What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues.”
Cybersecurity firm FireEye said that out of all these recently disclosed attacks, it was most concerned about the Russian group. In a note sent by FireEye to its customers, which was reported by Wired, the company said it was Strontium’s past history of conducting “follow-on informations operations” that made it most dangerous. This means not just hacking targets for intelligence, but then sharing that information for political ends.
“We remain most concerned by Russian military intelligence,” said FireEye in its note, “who we believe poses the greatest threat to the democratic process.”