Hackers are targeting the U.S. Presidential Elections again. Hackers linked to Russian military intelligence, known as Fancy Bear or Strontium, targeted the Democratic National Committee and party nominee Hillary Clinton's campaign in the 2016 Elections. The same group is now launching cyberattacks on people related to the 2020 Elections.
Last month, the Director of National Intelligence first warned about such attacks, and Microsoft has confirmed the attempts on people related to both President Donald Trump's and Democratic candidate Joseph Biden's campaigns.
In a blog post, Microsoft said the Russian hacker group has targeted over 200 organizations since September last year, including political consultants of both parties (Republican and Democratic). However, the tech giant didn't reveal how many of those attacks were successful or the extent of the damage or data leak.
"The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated. Microsoft has been monitoring these attacks and notifying targeted customers for several months, but only recently reached a point in our investigation where we can attribute the activity to Strontium with high confidence," Microsoft's Tom Burt, Vice President of Customer Security & Trust, wrote in the blog post.
Biden's Campaign Warned
Among the prominent firms to be targeted was SKDKnickerbocker, a communications and campaign strategy firm that was working with Biden and other Democrats. Microsoft had warned the company of the attempted hacks. However, the hacking attempts were not successful. "They are well-defended, so there has been no breach," a person in the know told Reuters.
While the company declined to comment, the Biden campaign said that it was aware of the attempts by "a foreign actor" who tried to break into "non-campaign email accounts of individuals affiliated with the campaign."
The Russian hackers, a group affiliated with Russia's military intelligence agency, the GRU, wreaked havoc during the 2016 Presidential Elections when their cyberattack leaked emails of Democratic nominee Clinton and her staff. That was essentially one of the reasons for her loss to Trump.
The group, which is also known as Strontium and APT28, recently targeted government agencies and critical infrastructure such as energy companies. The hackers mainly tried to break into VPN servers, email accounts, mail servers and Microsoft Office 365.
Since the 2016 attacks, the group has changed its tactics. As per Microsoft's investigations, APT28 is now conducting brute-force attacks. In such attacks, hackers try to log in using a large number of possible passwords.
Another way they are trying to break into email accounts is password spraying, which involves using common phrases for passwords multiple times in hopes of a successful breach. Earlier, they mainly used phishing scams to lure account holders into giving up usernames and passwords. But the new system is automated and thus consumes less time.
Another Russian hacker group, named Cozy Bear or APT29, recently targeted laboratories and pharmaceutical companies in the U.S., U.K. and Canada for Coronavirus vaccine research data. However, the attempts were not successful.
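The two techniques leave different shapes in failed sign-in logs, which is what a defender can key on. The Python sketch below is an added example, not from Microsoft's post or this article; the event format, thresholds, addresses and account names are all constructed assumptions, and the events are assumed to fall within one review window.

```python
from collections import defaultdict

# Constructed sample of failed sign-ins as (source_ip, account) pairs.
# Sign-in logs record who was targeted and from where, not the password tried.
SAMPLE_FAILURES = (
    [("198.51.100.7", "alice@example.org")] * 40                        # one account, many guesses
    + [("203.0.113.9", f"user{i}@example.org") for i in range(30)] * 2  # many accounts, 2 guesses each
    + [("192.0.2.15", "bob@example.org")] * 3                           # a user mistyping a password
)

def classify_sources(failures, min_accounts=10, max_per_account=3, min_guesses=20):
    """Label each source by the shape of its failures (thresholds are assumptions)."""
    per_source = defaultdict(lambda: defaultdict(int))
    for source, account in failures:
        per_source[source][account] += 1

    verdicts = {}
    for source, accounts in per_source.items():
        heaviest = max(accounts.values())  # most failures against any single account
        if len(accounts) >= min_accounts and heaviest <= max_per_account:
            verdicts[source] = "password-spray"  # wide and shallow
        elif heaviest >= min_guesses:
            verdicts[source] = "brute-force"     # narrow and deep
        else:
            verdicts[source] = "benign"
    return verdicts

def accounts_over_lockout(failures, lockout_threshold=5):
    """Accounts a per-account lockout counter would trip on (threshold is an assumption)."""
    per_account = defaultdict(int)
    for _source, account in failures:
        per_account[account] += 1
    return {acct for acct, count in per_account.items() if count >= lockout_threshold}

if __name__ == "__main__":
    for source, verdict in classify_sources(SAMPLE_FAILURES).items():
        print(f"{source}: {verdict}")
    print("locked out:", sorted(accounts_over_lockout(SAMPLE_FAILURES)))
```

On this sample a per-account lockout counter trips only for the brute-forced account, while the sprayed accounts stay under the threshold, so spraying has to be caught by counting distinct accounts per source instead.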
Russia Not the Only Player
However, Russia is not the only country that is after the U.S. Elections. Hackers from China and Iran have also been attempting to break into networks linked to the U.S. Elections, as per the Department of Justice. Microsoft named Zirconium as the Chinese hacker group (also known as APT31) that targeted people "closely associated with U.S. presidential campaigns and candidates."
A Biden ally was also among the targets. The unnamed individual's personal email address was targeted, as was "at least one prominent individual formerly associated with the Trump Administration." Universities and think tanks (such as the Atlantic Council and the Stimson Center) were also among Zirconium's targets. According to Microsoft, around 150 attempts on organizations were successful in the last six months.
As for the Iranian hacker group, named Phosphorus or APT35, it mainly targeted people involved in the Presidential Elections. That includes members of Trump's campaign as well as the administration. However, those attempts, which happened in May and June (2020), were not successful, as per Microsoft.