Hackers out of Russia, China, Iran are targeting US election, Microsoft finds
Cyberattacks have evolved since 2016 and are aiming at the campaigns of both Joe Biden and Donald Trump.
Hackers have never stopped trying to interfere in US politics, they've only gotten smarter about covering their tracks, researchers from Microsoft disclosed on Thursday. The attacks have only advanced since Russian hackers interfered with the US presidential election in 2016, with attempted hacks now targeting both the Trump and Biden campaigns.
The presidential election in 2016 showed that cybersecurity plays a major role in politics, after Russian hackers stole and leaked thousands of emails from the Democratic National Committee and Hillary Clinton's campaign. Since then, government agencies like the Cybersecurity and Infrastructure Security Agency and the FBI have ramped up efforts to protect elections from hackers and online disinformation.
In a press briefing in August, the agencies said they hadn't found any evidence of successful cyberattacks against election infrastructure, but they noted that there were many attempts on a daily basis. Microsoft's report on Thursday gives a glimpse into those attempts, which it says are coming from hacker groups in Russia, China and Iran.
"Protecting our elections is a team effort with the federal government and the private sector joining together to thwart foreign malign actors," the Department of Homeland Security's acting secretary, Chad Wolf, said in a statement Thursday. Wolf said Microsoft's announcement reaffirms his statements in the recent State of the Homeland Address that hackers from China, Iran and Russia "are trying to undermine our democracy and influence our elections."
Russian hackers have changed their tactics, and are targeting more than 200 organizations in the US, including consultants tied to Republicans and Democrats, Microsoft said.
Video: CISA director: Paper record key to keeping 2020 election secure
Though Russian hackers relied on spear phishing in 2016, where it sent tailored messages to trick victims into clicking on malicious links, in recent months it's been using brute force attacks, where it floods accounts with password guesses until one of them works.
Russian hackers have been covering up their tracks by rotating through 1,000 different IP addresses, and adding about 20 new ones each day, Microsoft found.
Chinese hackers launched thousands of attacks and successfully compromised about 150 people between March and September, Microsoft said. The nation-state's hackers are targeting people affiliated with presidential campaigns, and made an unsuccessful attempt against people related to the Joe Biden for President campaign, the company said.
"We are aware of reports from Microsoft that a foreign actor has made unsuccessful attempts to access the non-campaign email accounts of individuals affiliated with the campaign," the Biden campaign said. "We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign's assets are secured."
Unlike the hacking efforts by Russians, the hackers in China are using known bugs on websites and targeting specific individuals for its attacks, Microsoft detailed.
Iranian hackers have been trying to access accounts belonging to Trump's campaign staff, as well as accounts belonging to Trump administration officials, between May and June, according to the company.
"As President Trump's re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff," said the Trump campaign's deputy national press secretary, Thea McDonald. "We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts."
Microsoft also caught Iranian hackers making more than 2,700 attempts to hack a presidential campaign last October, and Google found Iranian and Chinese hackers attempting to hack both presidential campaigns in June.
A report from the Office of the Director of National Intelligence in August found that Russia was attempting to sabotage Biden's election bid while China was working against the Trump campaign.
Microsoft's disclosure comes the same day the US Treasury Department announced sanctions against three Russians for ties to the country's disinformation effort and a Ukrainian Parliament member for efforts to interfere with the 2020 election.