Microsoft has detected numerous attempted cyberattacks by foreign hackers against people and organisations involved in the upcoming US presidential election. According to the US software giant, the attacks have targeted both sides of the election, the Trump and Biden campaigns.
The attacks have largely been attempts to compromise email accounts in order to access sensitive information. Microsoft stated that there is currently no evidence that election systems have been affected.
Microsoft said that most of the attacks were detected and stopped by security tools built into its products. “We have directly notified those who were targeted or compromised so they can take action to protect themselves,” the company said in a statement.
The blame for the unsuccessful attacks has largely been placed on foreign hacker groups. “The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Microsoft said.
A previous announcement from US National Counterintelligence and Security Center (NCSC) Director William Evanina warned that foreign influence would present a significant threat to the US during the run-up to the election.
“Ahead of the 2020 US elections, foreign states will continue to use covert and overt influence measures in their attempts to sway US voters’ preferences and perspectives, shift US policies, increase discord in the United States, and undermine the American people’s confidence in our democratic process,” it said.
Three groups of foreign hackers from Russia, China and Iran were identified by Microsoft as being behind the attacks.
Russia-based Strontium (more commonly called Fancy Bear or APT28) is alleged to have attacked around 200 organisations, including political campaigns, advocacy groups, parties and political consultants. Fancy Bear is widely believed to have links to the Russian government.
Strontium has been seeking to harvest log-in credentials and compromise accounts, “presumably to aid in intelligence gathering or disruption operations”.
This group was previously linked to attacks on the Democrat Party during the 2016 presidential election. Microsoft noted that since then the group’s tactics have evolved, with the hackers automating their brute force attacks.
From China, Zirconium (Judgement Panda or APT31) has been linked to attacks on high-profile individuals associated with Joe Biden’s campaign, along with prominent leaders in the international affairs community. APT31 has been linked to the Chinese government, conducting network operations and stealing intellectual property at its behest.
Iranian Phosphorus (Charming Kitten or APT35) has attacked personal accounts of people associated with Donald Trump’s campaign. A comparatively unsophisticated group, it is involved in espionage and phishing campaigns, and commonly targets Iranian experts working in academia, human rights and media.
“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues. These activities highlight the need for people and organisations involved in the political process to take advantage of free and low-cost security tools to protect themselves as we get closer to election day,” said Microsoft.
The NCSC warned that the three main countries behind the hacks are each pursuing different agendas.
China aims to prevent Trump, who it views as unpredictable, from winning the election, while also deflecting criticism of Chinese government policies. Russia is seeking to discredit Biden, who it considers to be anti-Russian, over his policies on Ukraine when Biden was vice-president.
Iran is seeking to undermine US democratic institutions and sow division in the country, along with opposing President Trump, who re-imposed sanctions on Iran after an Obama-era deal lifted them.
However, the foreign hackers have attacked various groups across the political spectrum. For example, Russian hackers have attacked both Republican and Democrat-linked individuals, while Chinese hackers have targeted people working with Biden’s campaign.
Russian hackers have also targeted “businesses in the entertainment, hospitality, manufacturing, financial services and physical security industries,” said Microsoft, suggesting a wide scale to their operations.