Seattle (Asian Independent): Hackers with ties to Russia, China and Iran are attacking groups involved with the US presidential election, including people associated with both the Joe Biden and Donald Trump for President campaigns, along with prominent leaders in the international affairs community, Microsoft has revealed.
Tom Burt, Corporate Vice President, Customer Security at Microsoft, said the activity makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election, as had been anticipated, and is consistent with what the US government and others have reported.
The Strontium hacker group, operating from Russia, has attacked more than 200 organisations including political campaigns, advocacy groups, parties and political consultants.
“Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community,” Burt said.
The Iran-based Phosphorus hacker group has continued to attack the personal accounts of people associated with the Donald J Trump for President campaign.
The majority of these attacks were detected and stopped by security tools built into Microsoft products.
“We have directly notified those who were targeted or compromised so they can take action to protect themselves,” Burt said in a blog post.
The China-based Zirconium hacker group, which has attempted nearly 150 compromises, is targeting people closely associated with US presidential campaigns and candidates.
For example, it appears to have indirectly and unsuccessfully targeted the Joe Biden for President campaign through non-campaign email accounts belonging to people affiliated with the campaign.
The group has also targeted at least one prominent individual formerly associated with the Trump Administration.
“The group is targeting prominent individuals in the international affairs community, academics in international affairs from more than 15 universities, and accounts tied to 18 international affairs and policy organisations including the Atlantic Council and the Stimson Center,” Microsoft said.
Strontium from Russia has been identified in the Robert Mueller report as the organisation primarily responsible for the attacks on the Democratic presidential campaign in 2016.
“Microsoft’s Threat Intelligence Center (MSTIC) has observed a series of attacks conducted by Strontium between September 2019 and today.”
Similar to what happened in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations.
These targets include US-based consultants serving Republicans and Democrats; think tanks such as The German Marshall Fund of the US and advocacy organizations; national and state party organisations in the US; and The European People’s Party and political parties in the UK.
Strontium has evolved its infrastructure over time, adding and removing about 20 IPs per day to further mask its activity.
Phosphorus is an activity group operating from Iran. The actor has operated espionage campaigns targeting a wide variety of organizations traditionally tied to geopolitical, economic or human rights interests in the Middle East region.
Phosphorus has attempted to access the personal or work accounts of individuals involved directly or indirectly with the US presidential election.
“Between May and June 2020, Phosphorus unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President campaign staff,” Burt said.
“We are taking extra steps to protect customers involved in elections, government and policymaking,” he added.