Kremlin-linked hackers who attacked the Democratic National Committee before the 2016 election are once again targeting people and organizations linked to the upcoming presidential election, Microsoft said in a blog post on Thursday.
A group code-named Strontium, “operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants” in the past few weeks, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said on the blog.
“Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations,” Burt said.
For the past six months the attackers have targeted U.S.-based political consultants working with both Democrats and Republicans, think tanks including the U.S. German Marshall Fund, and national and state political entities, he said.
The group also targeted companies in entertainment, hospitality, manufacturing, financial services and physical security industries, Microsoft said.
The Russian group, which is the Kremlin’s military intelligence unit that goes by the initials GRU, was also identified by special counsel Robert S. Mueller III as the one that broke into the Democratic National Committee’s servers in 2016 and released stolen emails.
Microsoft said it had observed two other state-backed hacking groups, code-named Zirconium and Phosphorus, that have targeted U.S. political entities.
“Zirconium, operating from China, has attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election,” Burt said. “We’ve detected thousands of attacks from Zirconium between March 2020 and September 2020 resulting in nearly 150 compromises.”
The Chinese hackers are targeting “people closely associated with U.S. presidential campaigns and candidates” and have unsuccessfully tried to penetrate Democratic candidate Joe Biden’s campaign “through non-campaign email accounts belonging to people affiliated with the campaign,” Microsoft said. “The group has also targeted at least one prominent individual formerly associated with the Trump Administration.”
Phosphorus attackers, who are linked to Iran, have “attempted to access the personal or work accounts of individuals involved directly or indirectly with the U.S. presidential election,” Microsoft said. “Between May and June 2020, Phosphorus unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump-for-President campaign staff.”
Microsoft said its security tools had stopped a majority of the attacks and the targets of the attacks were notified to help them take preventive measures. A recent warning from the Office of the Director of National Intelligence said that Russia was interfering to help President Donald Trump’s reelection bid, while China was looking to assist Biden’s campaign.
State and local election officials who conduct elections across the country must “harden their operations and prepare for potential attacks,” Burt said, adding that many of them need federal funding to boost their security preparedness. “We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy.”
While Congress has provided some money to states and local jurisdictions, efforts by Democrats to provide as much as $4 billion in federal grants have been stymied by Republicans in both chambers.