Russian, Chinese and Iranian hackers all targeting 2020 election, Microsoft says
Thursday’s disclosure sheds new light on efforts by Chinese and Iranian hackers to break into US political campaigns and suggests that Russian hacking efforts have continued apace.
Microsoft said the same Russian hacking group that was identified by US prosecutors as being primarily responsible for the attacks on the Democratic presidential campaign in 2016 had recently targeted national and state parties in the US and consultants who work for Republicans and Democrats. Microsoft said the Russians’ tactics had evolved since 2016 and include likely automated “brute force” attacks.
The report said the Russian group had targeted more than 200 organizations, many, Microsoft said, “are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe.”
Microsoft did not specify the number of organizations targeted by Chinese and Iranian groups.
Chinese hackers targeted Vice President Joe Biden’s campaign and at least one person formerly associated with President Donald Trump’s administration.
And between May and June of this year, Microsoft said, Iranian hackers tried to log into the accounts of Trump administration officials and Trump campaign staff.
“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,” Microsoft said.
It said it had alerted those who were targeted by the hackers, and the US intelligence community was briefed on the findings, two sources familiar with the discussions told CNN.
“The private sector plays a crucial role in the whole-of-society effort to safeguard our elections and national security,” an ODNI official told CNN Thursday when asked about Microsoft’s announcement. “We welcome their assistance and will continue partnering with them to combat foreign efforts to target political candidates, campaigns and others involved in the US elections.”
Microsoft has teams that track sophisticated hacking groups and the report released Thursday provide the most in-depth insight yet into how hackers are targeting the 2020 election.
Intelligence officials have said they have uncovered evidence that Russia is currently interfering in the election to hurt Biden’s campaign. Separately, some evidence has already emerged about Moscow’s alleged efforts, including Facebook’s announcement last week that a troll group that was part of Russia’s attempt to interfere in the 2016 US presidential election is trying to target Americans again.
But while the intelligence community has assessed that China and Iran prefer Trump to lose in November, officials have offered no indication, to date, that either country is acting on that preference in the same way as Russia, according to public statements issued by the intelligence community and sources familiar with the underlying evidence.
That has not stopped Trump and his top national security officials from sounding the alarm about China ahead of the election while downplaying the threat of Russian interference.
It is important to note that what Microsoft disclosed on Thursday is not the totality of foreign efforts to target American political campaigns. Google revealed in June that it had detected other attempts from China and Iran.
“As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff. We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts,” Trump campaign spokesperson Thea McDonald told CNN Thursday when asked about the announcement.
A Biden campaign official told CNN they were taking the report seriously.
“We are aware of reports from Microsoft that a foreign actor has made unsuccessful attempts to access the non-campaign email accounts of individuals affiliated with the campaign. We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign’s assets are secured,” they said.
CNN is reaching out to the governments of Russia, China and Iran for comment.
Microsoft detailed how each hacking group targeted people tied to the 2020 election:
The infamous Russian military intelligence hacking group “Fancy Bear” that attacked the Democrats in 2016 targeted consultants working with Republicans and Democrats, national and state party organizations in the US, and think tanks including The German Marshall Fund of America.
“Many of Strontium’s targets in this campaign, which has affected more than 200 organizations…