Microsoft says hackers in Russia, China and Iran are escalating their efforts to disrupt the upcoming U.S. presidential election, with new cyberattacks on people and groups associated with the campaigns.
The company described the findings Thursday afternoon in a blog post and technical analysis. Microsoft says its security tools detected and prevented the majority of the attacks against the Biden and Trump campaigns.
The attackers identified by Microsoft include the Russian organization Strontium, also known as Fancy Bear, the same group believed to be responsible for the 2016 attacks against the Democratic presidential campaign. In this case, Microsoft says, the Russian group is targeting representatives of both parties.
“Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations,” says Tom Burt, a Microsoft corporate vice president, in a post detailing the company’s findings. “Many of Strontium’s targets in this campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe.”
The report comes a day after a government whistleblower alleged that the Department of Homeland Security attempted to downplay Russian efforts to interfere in the elections, seeking to focus intelligence assessments on China and Iran, to better match President Donald Trump’s political agenda.
Microsoft says a group in China, dubbed Zirconium, has focused its attacks on people associated with the Biden campaign; and an Iranian group called Phosphorus has targeted others associated with the Trump campaign.
The New York Times calls Microsoft’s assessment “far more detailed than any yet made public by American intelligence agencies,” and notes that the findings about the group in China are contrary to a prior U.S. intelligence assessment indicating that China favored Vice President Joe Biden’s bid for the presidency.
“We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes,” Microsoft’s Burt says in the post. “It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities.”