Microsoft, China and Iran launch cyber attacks on presidential campaigns, Microsoft says

Hackers who work for Microsoft, China and Iran have recently stepped up their attacks in the US presidential race as Election Day looms, Microsoft says.

Microsoft’s vice president of customer security and trust Tom Burt wrote in a blog post published on Thursday that the company’s cyber security experts have seen a spike in hackers’ targeting campaigns recently.

“In recent weeks, Microsoft has detected a cyber attack targeting people and organizations involved in the upcoming presidential election,” Burt wrote.

As the company behind the Windows operating system and office program suite, Microsoft has extensive insights into the infrastructure that hackers use to launch attacks.

The presidential campaign is pushing into the final two months of the race – one in which national security officials as well as private companies are following Russia’s attempts to manipulate the 2016 election.

While hackers from all three countries have been seen targeting those tied to the campaigns of Joe Biden and President Donald Trump, Russia’s military intelligence agency, GRU, remains the biggest threat to intelligence at Mandan Solutions, a cyber security company Director of analysis John Holtquist said. .

“We are most concerned with Russian military intelligence, which we believe is the greatest threat to the democratic process,” Hultquist said in a text message.

Like the hack-leaked operation of Hillary Clinton’s 2016 presidential campaign and France’s President Emmanuel Aron’s 2017 campaign, “the GRU has carried out the most brutal and aggressive cyber attacks ever.”

Burt said that Russia had targeted more than 200 organizations, many of which were involved with US elections or European policy, including advisors to both the US chief and think tanks.

On Friday, the Russian government dismissed the allegations, with foreign ministry spokesman Maria Zakharova stating that “the Russian Federation has not interfered, is not interfering, and in any way the electoral process of the United States or any other country.” Will not interfere. “

In a separate, technical blog post, Microsoft found that Russian groups had been trying to use the old username and password combination against about 7,000 accounts in recent weeks, some of them related to the election, since August 18 until September. 3. None were successful.

A recent target was SKDKnickerbocker, a Washington law consulting company working with the Biden campaign. Reuters reported on Thursday that Microsoft recently alerted the firm to sending phishing emails to Russian intelligence firms that often want to steal login information that could provide access to private documents or systems. Microsoft declined to comment on that issue, and SKDKnickerbocker did not respond to a request for comment.

While Microsoft found no direct indication that Chinese hackers are asking for more information about the campaigns, they have “indirectly and unsuccessfully targeted to the presidential campaign through non-campaign email accounts related to those associated with the campaign.” “

Jamal Brown, Biden’s press secretary, noted in an email that Microsoft said the efforts were unsuccessful.

“We have known from the beginning of our campaign that we will be subject to such attacks and we are ready for them.”

Separately, Burt has written that “an activity group” operating from Iran had “unsuccessfully attempted to access Donald J. Trump’s accounts for administration officials and presidential campaign staff” in May and June.

Trump campaign deputy national press secretary Thia Macdonald said in an email that “it was not surprising to see malicious activity directed at the campaign.”

“We work closely with our partners, Microsoft and others to mitigate these threats. We take cyber security very seriously and do not comment publicly on our efforts,” he said.

Since only Russia has regularly hacked campaigns for leaking content, instead of just gathering intelligence, Iran’s targeting of Trump and Chinese hackers targeting Biden does not indicate a desire to see those candidates losing Get.

In a public statement in August, the Office of the Director of National Intelligence announced that each of those countries’ influence operations indicated a preference: China and Iran primarily maligned Trump, and Russia hurt Biden. Tried to deliver.

Christopher Krebs, director of the US Cyberspace and Infrastructure Security Agency, said Burt’s announcement was a warning to the US to be vigilant.

Krebs said in a statement, “The announcement is in line with earlier statements by the intelligence community on a range of malicious cyber activities targeting the 2020 campaign and reinforces that this is a nationwide effort to protect democracy . ” “Everyone involved in the political process should be alert to these types of attacks.”