Hackers working for Russia, China and Iran have recently escalated their attacks around the U.S. presidential race as Election Day looms, Microsoft says.
Microsoft’s vice president of customer security and trust, Tom Burt, wrote in a blog post published Thursday that the company’s cybersecurity experts had recently seen an uptick in hackers’ targeting campaigns.
“In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming Presidential election,” Burt wrote.
As the company behind the Windows operating system and the Office program suite, Microsoft has broad insight into the infrastructure that hackers use to launch attacks.
The presidential campaigns are pushing into the final two months of the race — one that has national security officials as well as private companies on edge after Russia’s election manipulation efforts of 2016.
While hackers from all three countries have been spotted targeting people tied to Joe Biden and President Donald Trump’s campaigns, Russia’s military intelligence agency, the GRU, remains the biggest threat, said John Hultquist, the director of intelligence analysis at Mandiant Solutions, a cybersecurity company.
“We remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” Hultquist said in a text message.
“The GRU has carried out many of the most brash and aggressive cyberoperations to ever come to light,” Hultquist said, such as the hack-and-leak operations against Hillary Clinton’s 2016 presidential campaign and French President Emmanuel Macron’s 2017 campaign.
Russia had targeted over 200 organizations, many of which were in some way affiliated with the U.S. election or European policy, including consultants to both major U.S. parties and think tanks, Burt said.
On Friday, the Russian government dismissed the allegations, with foreign ministry spokesperson Maria Zakharova saying that “the Russian Federation did not interfere, is not interfering, and will not in any way interfere in the electoral process of the United States or any other country.”
In a separate, technical blog post, Microsoft reported a particular uptick in recent weeks in Russian groups’ attempts to use old username and password combinations against nearly 7,000 accounts, some of them election related, from Aug. 18 to Sept. 3. None were successful.
One recent target was SKDKnickerbocker, a Washington law consulting firm working with the Biden campaign. Reuters reported Thursday that Microsoft recently warned the firm that Russian intelligence had been sending it phishing emails, which often seek to steal login information that can provide access to private documents or systems. Microsoft declined to comment on that issue, and SKDKnickerbocker didn’t respond to a request for comment.
While Microsoft found no direct indication that Chinese hackers are seeking more than information on the campaigns, they have “indirectly and unsuccessfully targeted the Joe Biden for President campaign through non-campaign email accounts belonging to people affiliated with the campaign,” Burt wrote.
Jamal Brown, Biden’s press secretary, noted in an email that Microsoft said the attempts were unsuccessful.
“We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” he said.
Separately, Burt wrote that “an activity group” operating from Iran had “unsuccessfully attempted to log into the accounts of Administration officials and Donald J. Trump for President campaign staff” in May and June.
Thea McDonald, deputy national press secretary for the Trump campaign, said in an email that it was “not surprising to see malicious activity directed at the campaign.”
“We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts,” she said.
As only Russia has routinely hacked campaigns to leak material, rather than simply gathering intelligence, Iranians’ targeting Trump and Chinese hackers’ targeting Biden don’t necessarily indicate a desire to see those candidates lose.
In a public statement in August, the Office of the Director of National Intelligence announced that those countries’ influence operations did each indicate a preference: China and Iran primarily denigrated Trump, and Russia sought to hurt Biden.
Christopher Krebs, director of the U.S. Cybersecurity and Infrastructure Security Agency, said Burt’s announcement was a reminder for the U.S. to stay vigilant.
“The announcement is consistent with earlier statements by the Intelligence Community on a range of malicious cyber activities targeting the 2020 campaign and reinforces that this is an all-of-nation effort to defend democracy,” Krebs said in a statement. “Everyone involved in the political process should stay alert against these sorts of attacks.”