Hacker groups are ramping up activity as the US heads into the peak of election season. The latest attacks at times bear hallmarks similar to those seen in 2016.
Organizations have routinely used cyberattacks to meddle in foreign government affairs. In recent years, cyberattacks have played a central role in the election process around the globe. To help thwart such attempts, the US Department of State recently announced a multimillion-dollar bounty focused on identifying cybercriminals associated with foreign governments targeting US elections.
Heading toward Nov. 3 and the peak of the 2020 campaign season, some hacker groups are focusing efforts on candidates and other people integral to the election. On Thursday, Microsoft announced that it had observed a number of cyberattacks targeting organizations and individuals involved in the 2020 US presidential election.
“We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions. The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election,” explained Tom Burt, corporate vice president of customer security and trust, in the Microsoft press release.
In the release, Microsoft outlines a number of specific attacks targeting both the Biden and Trump political campaigns. The cybercriminal organizations listed include actors based in Russia, China, and Iran. The Russia-based group Strontium, in particular, has “attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants,” according to Microsoft.
Microsoft notes that Strontium attacks are similar to attacks the company detected in 2016. The Strontium campaigns have again focused on harvesting log-in credentials or compromising accounts. Microsoft postulates that these attempts are intended to “aid in intelligence gathering or disruption operations.”
Overall, Strontium’s latest campaign has targeted hundreds of organizations involved in the upcoming election, including consultants for Republican and Democratic Party candidates based in the US, think tanks, the European People’s Party, and others, per Microsoft.
The China-based organization Zirconium has specifically targeted “high-profile individuals” involved in the election, including “people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community.” Additionally, Microsoft has observed that the Iran-based group Phosphorus has targeted personal accounts “of people associated with the Donald J. Trump for President campaign.”
“The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support,” reads a portion of the press release.