Groups from Russia, China and Iran have stepped up cyber-attacks in an effort to disrupt the U.S. presidential election in November, a Microsoft Corp. investigation found.
The groups have increased cyber-attacks targeting the political campaigns of Democratic presidential nominee Joe Biden and U.S. President Donald Trump, advocacy groups, political parties, academics and leaders in the international affairs community, according to a blog post by Tom Burt, corporate vice president of customer security and trust at Microsoft, on Thursday.
SKDKnickerbocker, a public affairs and political consulting firm working with Biden’s campaign, was recently targeted in an unsuccessful hack by suspected Russian state-backed hackers, according to a Thursday report by Reuters, which said that Microsoft had alerted the firm.
The attempted hack on SKDKnickerbocker reflects a broader trend that was documented by Microsoft, that a Russia-based group had attacked “political campaigns, advocacy groups, parties, and political consultants.”
Microsoft reported that more than 200 organizations directly or indirectly tied to the U.S. election and political organizations in Europe were affected by a Russian-operated group, called Strontium, including U.S.-based consultants serving Republicans and Democrats. The same group was also identified in the report by Special Counsel Robert Mueller as being responsible for the attacks on the Democratic presidential campaign in 2016, according to Microsoft. (Strontium is also known as APT28, or Fancy Bear).
Microsoft also reported unsuccessful cyber-attacks from Iran on people associated with the Trump campaign, and attempted attacks from China on people associated with the Biden campaign, as well as a “prominent” individual formerly associated with the Trump administration. The people who were targeted weren’t named. The Chinese group, referred to as Zirconium, has mounted thousands of attacks from March through September on campaign officials as well as prominent academics and others in international affairs. Of those attempts, about 150 were successful breaches, but Microsoft didn’t identify the victims other than to say they weren’t associated the presidential campaigns.
Microsoft’s findings echo those of U.S. government officials. In August, William Evanina, head of the National Counterintelligence and Security Center, said Russia, China and Iran are trying to “use covert and overt influence measures in their attempts to sway U.S. voters’ preferences and perspectives, shift U.S. policies, increase discord in the United States, and undermine the American people’s confidence in our democratic process.” And on Wednesday, Chad Wolf, acting secretary of the Department of Homeland Security, said “the governments of China, Iran and Russia target our election systems, each with its own separate and nefarious motives and tactics.”
The recent attacks reveal that “foreign activity groups have stepped up their efforts targeting the 2020 election,” according to Microsoft. “What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues.”
The majority of attacks were detected and stopped by security tools built into Microsoft’s software, Burt said.
Foreign groups used tactics including rotating IP addresses to disguise attacks, web bugs planted in purchased domain names and phishing, in an effort to harvest log-in credentials and gain information on targeted individuals and organizations. Phishing attacks can be for routine espionage against campaigns or, in some cases, to conduct hack and leak operations — a key feature in Russia’s campaign to help Trump and hurt Hillary Clinton in 2016.
Disinformation experts are on high alert for strategic leaks of real or fabricated documents in the weeks ahead of Nov. 3, a foreign influence tactic that could significantly harm the candidate targeted, particularly if there is not enough time for them to adequately respond ahead of Election Day.
“We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes,” Burt said. He also said more federal funding is needed in the U.S. so states can better protect their election infrastructure.