Hackers from three countries — Russia, China, and Iran — are attempting to infiltrate campaign staffers, think tanks and consultants in order to influence the U.S. presidential election, according to Microsoft.
The software company shared a blog post saying that Microsoft detected cyberattacks “targeting people and organizations involved in the upcoming presidential election.” Those attacks came from three separate groups operating from three countries, wrote Tom Burt, corporate vice president of customer security and trust.
Contradicting an assessment by the director of national intelligence that claimed China preferred a Biden victory, Microsoft said that China’s Zirconium hacking group has launched “thousands of attacks” mostly targeting Biden campaign staff and “prominent leaders in the international affairs community.” The company said it had only detected one Zirconium target who was formerly affiliated with President Trump’s administration.
Another organization, Strontium, which operates out of Russia, has also attacked the election, targeting “200 organizations including political campaigns, advocacy groups, parties and political consultants.” Strontium is related to Russia’s G.R.U. military intelligence agency, which carried out the cyberattacks that leaked emails from Hillary Clinton’s campaign chairman John Podesta in 2016. Strontium was also named in the Mueller report as being responsible for the 2016 cyberattacks.
In just two weeks between August 18th and September 3rd, Microsoft said that Strontium targeted 6,912 accounts belonging to 28 organizations by trying to harvest login credentials, although none of the accounts was compromised. Strontium has changed its approach since 2016, using “brute-force/password-spray tooling,” which lets it “execute large-scale credential harvesting operations in a more anonymized manner.”
Additionally, Iran’s Phosphorus hacking group, which usually focuses on the Middle East region, has attacked the personal accounts of Trump campaign staff and administration officials.
Microsoft says that most of these attacks were “detected and stopped” by its security software, and that it has not found evidence of successful attacks. Biden’s campaign said in a statement that they are “aware of reports from Microsoft that a foreign actor has made unsuccessful attempts to access the noncampaign email accounts of individuals affiliated with the campaign.” The campaign also said it has been preparing for this type of activity to ramp up as the election nears.
Christopher Krebs, who leads the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a statement saying that Microsoft’s conclusions are “consistent with earlier statements by the Intelligence Community on a range of malicious cyber activities targeting the 2020 campaign.” He added, “It is important to highlight that none [of the targets] are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems.”
This discovery comes two weeks after Director of National Intelligence John Ratcliffe announced that intelligence agencies would cease delivering in-person briefings to Congress on election interference and just one day after a government whistleblower accused White House and Homeland Security officials of downplaying intelligence assessments about Russian election interference because it “made the president look bad.” Instead, the whistleblower said, government analysts were told to focus on threats coming from China and Iran.