Russian hackers have targeted more than 200 political organizations working in the 2020 election, Microsoft Corp. announced Thursday.
“In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns,” the company wrote in a post on its blog. Microsoft said the attacks included those “detected and stopped” by its security products, meaning it was not a comprehensive count of all attempts this year.
Microsoft a group known to the cybersecurity community as Strontium was responsible for targeting more than 200 entities, “including political campaigns, advocacy groups, parties and political consultants.” Another group based in China, Zirconium, “attacked high-profile individuals associated with the election,” including Democratic presidential nominee Joe Biden, while an Iran-linked group known as Phosphorous targeted individuals associated with President Donald Trump’s campaign.
“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues,” Microsoft added.
Earlier reports revealed some details of hacking efforts made by Russia’s Strontium against staffers at the Washington, D.C.-based communications firm SKDKnickerbocker. The methods used included phishing, which involves tricking subjects to click on a link enabling attackers to obtain login credentials. The firm performs work for a number of Democratic congressional campaigns as well as for Biden, so it isn’t clear whether the hackers had a specific target in mind.
In a statement, Kremlin spokesman Dmitry Peskov dismissed allegations of Russia’s involvement as “nonsense.”
Phishing was the same method hackers linked to Russia’s intelligence agency, the GRU, used in 2016 to successfully hack the Democratic Party and then-Democratic presidential nominee Hillary Clinton’s campaign chairman, John Podesta. Perpetrators in the latter case sent an email to Podesta’s Gmail account that appeared to be a warning from Google, which advised someone had “used your password.” That email offered a link for Podesta to click on to reset his password, which he did.
The same hackers breached servers that year belonging to the Democratic National Committee and the Democratic Congressional Campaign Committee. Thousands of emails obtained from those breaches were subsequently released by WikiLeaks and other websites leading up to the election. The DNC said it was similarly targeted by Russian hackers before and after the 2018 midterm elections.
National Counterintelligence chief William Evanina said in an August statement the intelligence community had assessed that Russia would seek to undermine Biden in the presidential election due to his “support for the anti-Putin opposition inside Russia” during his tenure as vice president. He added that China might work to undermine President Donald Trump’s reelection campaign because of his positions on the South China Sea and protesters in Hong Kong, among other issues.
Have a tip we should know? [email protected]