Microsoft Says Russian, Iranian, Chinese Hackers Target Biden, Trump Campaigns
By RFE/RL September 11, 2020
U.S. tech giant Microsoft says hackers linked to Russia, Iran, and China have targeted people and organizations tied to both U.S. President Donald Trump and Democratic challenger Joe Biden.
The announcement on September 10 came at the same time that Biden's main campaign advisory firm said it had been told by Microsoft it was being targeted by the same Russian hackers who intervened in the 2016 U.S. presidential election.
The tech company said the newly reported actions appear to be part of a wider effort to target U.S. political campaigns and related groups ahead of the November 3 presidential election.
"What we've seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues," Tom Burt, a Microsoft vice president, said in a blog post.
U.S. intelligence officials in August said Russians favor Republican President Trump and that the Chinese prefer Biden, the former U.S. vice president.
However, Microsoft said in its latest statement that Chinese state-backed hackers have targeted "high-profile individuals associated with the election," including people tied to the Biden campaign.
Experts say hackers from China generally seek intelligence to gain economic and political advantage, while Moscow looks to weaponized stolen data to destabilize other governments.
John Hultquist, director of intelligence analysis at cybersecurity firm FireEye, told AP that Microsoft's information shows that Russian military intelligence has continued to pursue election-related targets despite legal indictments by U.S. authorities, sanctions, and other measures.
"This is the actor from 2016, potentially conducting business as usual," he said. "We believe that Russian military intelligence continues to pose the greatest threat to the democratic process."
U.S. intelligence agencies and congressional investigators determined that Russia's military intelligence interfered in the 2016 campaign to benefit the Trump campaign by hacking Democratic targets and releasing embarrassing material online, allegations Moscow denied.
The suspected hacking group is a unit within Russia's GRU military intelligence agency: the 85th Main Special Service Center (GTsSS), military Unit 2616.
That group, known as APT28 or "Fancy Bear," and other Russian hacking groups have been blamed in recent years by multiple Western governments, think tanks, and corporations for carrying out numerous cyberattacks.
Microsoft's Burt said most of the latest infiltration attempts, also conducted by Iranian and Chinese agents, were blocked by Microsoft's security software, but he would not provide further information.
The company said Washington-based SKDKnickerbocker, a campaign strategy and communications firm, had been targeted by Russian agents.
A person familiar with SKDK's actions told Reuters the hackers failed to gain access to the firm's data.
The Biden campaign said it was aware that a foreign actor had tried and failed to access "non-campaign e-mail accounts of individuals affiliated with the campaign."
Kremlin spokesman Dmitry Peskov on September 10 rejected earlier media reports about the hacking prior to Microsoft's statement.
"It looks like more nonsense that, unfortunately, respected news agencies publish sometimes," Peskov told reporters in Moscow.
With reporting by Reuters, AP, dpa, and AFP
Copyright (c) 2020. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
|Join the GlobalSecurity.org mailing list|