Thursday’s disclosure sheds new light on Chinese and Iranian hackers’ attempts to break into US political campaigns and suggests that Russian hacking efforts have accelerated.
Microsoft said that the same Russian hacking group, identified by US prosecutors, was primarily responsible for the attacks on the Democratic presidential campaign in 2016, which recently targeted national and state parties and advisers in the US that Work for Republicans and Democrats. Microsoft said Russia’s strategy has evolved since 2016 and includes potential automated “brute force” attacks.
The report said that the Russian group targeted more than 200 organizations, many, Microsoft said, “directly or indirectly affiliated with political and policy-related organizations in Europe, along with the upcoming US election.”
Microsoft did not specify the number of organizations targeted by Chinese and Iranian groups.
Chinese hackers targeted Vice President Joe Biden’s campaign and at least one person previously associated with President Donald Trump’s administration.
And between May and June of this year, Microsoft said, Iranian hackers tried to access the accounts of Trump administration officials and Trump campaign employees.
“What we have seen is consistent with previous attack patterns that target not only candidates and campaign staff, but also those they consult on key issues,” Microsoft said.
It said it had alerted those targeted by the hackers, and the findings were reported to the US intelligence community, two sources familiar with the discussion told CNN.
When asked about Microsoft’s announcement on Thursday, an ODNI official said, “The private sector plays an important role in the whole society’s effort to protect our election and national security.” “We welcome their assistance and will continue to partner with them to counter foreign efforts to target political candidates, campaigns and others involved in US elections.”
Microsoft has teams that track sophisticated hacking groups and the report released on Thursday provides an in-depth insight into how hackers are targeting the 2020 election.
Intelligence officials have said they have evidence that Russia is currently interfering in the election to hurt Biden’s campaign. Separate evidence has already surfaced about Moscow’s alleged efforts, including last week’s Facebook announcement that the troll group that was part of Russia’s intervention in the 2016 US presidential election would send Americans back Trying to target
But when the intelligence community assessed that China and Iran preferred to defeat Trump in November, officials have given no indication to date that either country is acting on the same priority as Russia, According to public statements released by Intelligence. Communities and sources familiar with the underlying evidence.
This has not stopped Trump and his top national security officials from sounding the alarm about China before the election, reducing the risk of Russian interference.
It is important to note that what Microsoft revealed on Thursday is not the totality of foreign efforts to target US political campaigns. Google revealed in June that it had traced other efforts from China and Iran.
“As President Trump’s election campaign, we are a big target, so it is not surprising to see the campaign or malicious activity directed by our employees. We work closely with our partners, Microsoft and others to mitigate these threats We do.” Cyberspecific does not comment very seriously and publicly on our efforts, ”Trump campaign spokesman Thea Macdonald told CNN on Thursday when asked about the announcement.
A Biden campaign official told CNN that they were taking the report seriously.
“We are aware of reports from Microsoft that a foreign actor has made unsuccessful attempts to access non-campaign email accounts of individuals associated with the campaign. We know from the beginning of our campaign that we will be subject to such attacks and we Ready for them. For the President, Biden takes cybersecurity seriously, we will be vigilant against these threats, and ensure that campaign assets are protected, “he said.
CNN is reaching out to the governments of Russia, China and Iran for comment.
Microsoft detailed how each hacking group targeted those involved with the 2020 election:
The “fancy bear”, the notorious Russian military intelligence group that attacked the Democrats in 2016, targeted Republicans and Democrats, advisors working with national and state party organizations in the US and considered tanks including the US German Marshall Fund.
Sidney Simon, a German Marshall Fund spokesman, said there was no evidence of hacking attempts that targeted him.
The company stated, “Many of the strontium targets in this campaign, which have affected more than 200 organizations in total, are directly or indirectly linked to the upcoming US election as well as political and policy-related organizations in Europe.” ”
Microsoft, which references “fancy beer” by its other moniker “Strontium”, said Russian hackers had developed their own strategy since the 2016 election to “incorporate new reconnaissance equipment and new technologies into their operations.” To interrupt. ”
“In 2016, the group relied mainly on spear phishing to capture people’s credibility. In recent months it has engaged in brute force attacks and password sprays, two tips that have likely automated aspects of their operations. Is allowed to do, ”Microsoft said.
The Russian government has denied attempts to interfere in the 2016 election.
In response to Microsoft’s findings, John Holtquist, a senior director at cyber security firm FireEye, said in a memo to the company’s customers, “Many cyber espionage actors have targeted organizations linked to the upcoming election, but by Russian military intelligence Are most concerned. ” , Which we believe is the biggest threat to the democratic process. ”
Hultquist mentioned how this particular Russian hacking group is tied to cyber attacks and violating destructive international norms.
He added that the goal of political organizations is “a common feature of cyber espionage. Favors and campaigns on future policy are good sources of intelligence and it is likely that Iranian and Chinese actors targeted American campaigns to quietly gather intelligence,” “But said it is” unique “of the Russian group. History “leaking hacking material” increases the likelihood of following information operations or other destructive activities. ”
Microsoft said Chinese hackers unsuccessfully targeted the Biden campaign through non-campaign email accounts of people associated with the campaign.
“The group has already targeted at least one key person with the Trump administration,” the company said.
The hacking group also targeted academics, universities and think tanks, including the Atlantic Council, Microsoft. In total, it stated that “thousands of attacks from zirconium have been detected between March 2020 and September 2020 resulting in approximately 150 agreements.”
Underscoring the activity of the hacking group “Phosphorus”, which Microsoft says is operating from Iran, the company said, “Between May and June 2020, Phosphorus released administration officials and Donald to employees of the presidential campaign Tried unsuccessfully to enter Trump’s accounts. “