Russia, China and Iran target US elections

Microsoft on Thursday reported that it is seeing “increasing” cyberattacks originating in Russia, China and Iran targeting its customers, including those in political groups and the presidential campaigns of President Trump and former Vice President Joe Biden.

Tom Burt, corporate vice president of customer security and trust at Microsoft, detailed in a blog post the efforts by three major foreign hacking groups to target the campaigns, along with other political organizations and individuals.

“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported,” Burt wrote.

The company reported that Russian hacking group “Strontium” targeted more than 200 organizations, political campaigns and parties over the past year, including U.S.-based consultants for the Democratic and Republican parties, think tanks such as the German Marshall Fund and political parties in the United Kingdom.

Strontium, also known as “Fancy Bear,” is the same group that hacked into the Democratic National Committee networks in 2016.

Microsoft took legal action against the group in 2017, with a federal court ordering the group to stop targeting Microsoft customers and using Microsoft logos in malicious email phishing campaigns.

“Strontium has evolved its tactics since the 2016 election to include new reconnaissance tools and new techniques to obfuscate their operations,” Burt wrote. “In 2016, the group primarily relied on spear phishing to capture people’s credentials. In recent months, it has engaged in brute force attacks and password spray, two tactics that have likely allowed them to automate aspects of their operations.”

A second hacking effort announced by Microsoft on Thursday involved Chinese-based hacking group “Zirconium.” Microsoft reported evidence of “thousands” of attempted attacks by the group between May and September, with nearly 150 successful compromises.

Among the individuals targeted unsuccessfully by Zirconium were Biden campaign staffers. The group went after non-campaign emails.