As the U.S. presidential election is barely two months away, Microsoft has warned that hackers operating from Russia, China and Iran are attempting to pry on people and organizations involved in the process.
The tech giant said in a report published Thursday that in recent weeks, it has detected cyberattacks targeting people associated with the campaigns of both President Donald Trump and his Democratic rival Joe Biden.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported”, Microsoft said.
Microsoft urged state and local election authorities in the U.S. to harden their operations and prepare for potential attacks.
The report names Strontium, an activity group operating from Russia; Zirconium, from China; and Phosphorus, linked to Iran, as the main actors.
While Phosphorus continued to attack the personal accounts of people associated with the Trump campaign, Zirconium targeted high-profile individuals associated with the election, including Joe Biden’s Presidential campaign team and prominent leaders in the international community.
Strontium has reportedly attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants.
Microsoft claims to have detected and stopped majority of these attacks using its security tools.
Strontium was identified in the Mueller report that investigated Russian interference in the 2016 Presidential Election, as the organization mainly responsible for the attacks on Hillary Clinton’s Democratic presidential campaign.
Microsoft’s Threat Intelligence Center (MSTIC) has observed a series of attacks conducted by Strontium since September 2019. These targets include U.S.-based consultants serving Republicans and Democrats; Think tanks such as The German Marshall Fund of the United States and advocacy organizations; National and state party organizations in the U.S.; and The European People’s Party and political parties in the UK.
Tom Burt – Corporate Vice President, Customer Security & Trust, said in a statement: “Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations.”
The Washington-based company said it detected thousands of attacks from Zirconium between March and September this year. Some of these attacks have targeted the Biden campaign through non-campaign email accounts belonging to people affiliated with it. The group has also targeted at least one prominent individual formerly associated with the Trump Administration.
The Atlantic Council and the Stimson Center are among some international organizations targeted.
Phosphorus has spied a wide variety of organizations traditionally tied to geopolitical, economic or human rights interests in the Middle East.
Last month, taking advantage of a permission granted by a federal court in Washington D.C., Microsoft took control of 155 Phosphorus domains.
Between May and June, Phosphorus unsuccessfully attempted to log into the accounts of Trump administration officials and the President’s campaign staff.
Noting that the latest hacks are consistent with previous attack patterns, Microsoft recommends the concerned people and organizations to install its free and low-cost security tools.
It also stressed the need for more federal funding in the U.S. so that states can better protect their election infrastructure.
The report comes a day after a whistleblower at the Department of Homeland Security alleged he was forced to downplay the threat of Russian interference in the upcoming election as it “made the president look bad”.
Source: Read Full Article