By Maggie Miller, THE HILL, 09/10/20
© Getty Images
Microsoft on Thursday reported that it is seeing “increasing” cyberattacks originating in Russia, China and Iran targeting political groups, including the presidential campaigns of President Trump and former Vice President Joe Biden.
Tom Burt, corporate vice president of Customer Security and Trust at Microsoft, detailed in a blog post the efforts by three major foreign hacking groups to target the campaigns, along with other political organizations and individuals.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported,” Burt wrote.
These efforts included Russian hacking group “Strontium” targeting over 200 organizations, political campaigns and parties over the past year, including U.S.-based consultants for the Democratic and Republican parties, think tanks such as the German Marshall Fund and political parties in the United Kingdom.
Strontium, also known as “Fancy Bear,” is the same group that hacked into the Democratic National Committee networks in 2016.
Microsoft took legal action against the group in 2017, with a federal court ordering the group to stop targeting Microsoft customers and using Microsoft logos in malicious email phishing campaigns.
“Strontium has evolved its tactics since the 2016 election to include new reconnaissance tools and new techniques to obfuscate their operations,” Burt wrote. “In 2016, the group primarily relied on spear phishing to capture people’s credentials. In recent months it has engaged in brute force attacks and password spray, two tactics that have likely allowed them to automate aspects of their operations.”
A second hacking effort announced by Microsoft on Thursday involved Chinese-based hacking group “Zirconium.” Microsoft reported evidence of “thousands” of attempted attacks by the group between May and September, with nearly 150 successful compromises.
Among the individuals targeted unsuccessfully by Zirconium were Biden campaign staffers. The group went after non-campaign emails.
Zirconium also targeted an unnamed former Trump administration official, along with individuals in the international affairs community, including those at 15 universities and groups such as the Atlantic Council and the Stimson Center.
“Zirconium, operating from China, has attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election,” Burt wrote.
Additionally, Microsoft has observed continued attempts by Iranian cyber threat group “Phosphorus” to target the personal accounts of Trump campaign staffers. Phosphorus stepped up efforts between May and June to access personal or work email accounts of the staffers.
Microsoft previously put out an alert last year warning of attempts by Phosphorus to target an unnamed U.S. presidential campaign, which Reuters later reported was the Trump campaign. Microsoft took legal action against the group prior to this, filing a court case enabling the company to take control of 99 websites used by Phosphorus to conduct hacking operations.
Burt noted that the majority of the attempted cyberattacks by all three groups were unsuccessful, and that all those whose accounts were targeted or compromised had been notified.
The assessment by Microsoft was published a month after a senior official at the Office of the Director of National Intelligence put out a statement warning that Russia, China and Iran were actively taking steps to interfere in the U.S. presidential election, with Russian actors favoring Trump, and Chinese and Iranian groups favoring Biden.
A spokesperson for the Biden campaign did not respond to The Hill’s request for comment on Microsoft’s findings.
Thea McDonald, deputy national press secretary for the Trump campaign, told The Hill that it was “not surprising” that foreign groups were targeting the organization.
“As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,” McDonald said. “We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts.”
Burt wrote that Microsoft made its findings because the company believes “it’s important the world knows about threats to democratic processes.”
He also urged Congress to appropriate more federal funds to help campaigns and election officials defend against malicious cyber actors. Congress has appropriated over $800 million for election security since 2018 in addition to the $400 million included in the CARES Act stimulus bill in March to help address challenges to elections posed by the COVID-19 pandemic.
Election officials and experts have argued a further $3.6 billion is needed to adequately the needs of state and local election officials. Democrats and Republicans have butted heads over the funds, with Democrats including $3.6 billion for elections in the House-passed HEROES Act stimulus bill, while Republicans have not included any funds for elections in recent proposed stimulus bills, citing concerns around federalizing elections.
“As election security experts have noted, additional funding is still needed, especially as resources are stretched to accommodate the shift in COVID-19 related voting,” Burt wrote. “We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy.”