The same Russian military intelligence outfit that hacked the Democrats in 2016 has attempted similar intrusions into the computer systems of more than 200 organizations including political parties and consultants, Microsoft said Thursday.
Those efforts appear to be part of a broader increase in targeting of U.S. political campaigns and related groups, the company said.
And Microsoft identified a suspected hacking group that targeted a firm working with Democrat Joe Biden as the Russian unit.
The hacking attempts targeted staff at Washington-based SKDKnickerbocker, a campaign strategy and communications firm working with 2020 presidential election hopeful Biden and other prominent Democrats, over the past two months, the sources said.
SKDK Vice Chair Hilary Rosen declined to comment. The Biden campaign said it was aware Microsoft said a foreign actor had tried and failed to access ‘non-campaign email accounts of individuals affiliated with the campaign.’ Microsoft, which has shared with SKDK its assessment that Russian state-backer hackers targeted the firm, declined to comment.
The Russian hacking group, which many cyber researchers refer to as ‘Fancy Bear,’ is controlled by Russia’s military intelligence agency, according to reports from the U.S. intelligence community released after the 2016 election.
His hackers are back: Vladimir Putin’s elite Fancy Bear unit is targeting both presidential campaigns – after causing chaos in 2016
Targeted: Microsoft’s blog post said Iranian state-backed hackers have unsuccessfully tried to log into accounts of Trump campaign and administration officials between May and June of this year. it said Russia had targeted his campaign and its consultants
Targeted: A consulting firm used by Joe Biden’s campaign was the subject of an attempted hack by Fancy Bear, the Russian elite hackers, sources say
A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. ‘They are well-defended, so there has been no breach,’ the person said.
Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.
The hack attempt was revealed as Microsoft warned that both candidates’ campaigns, their staff and consultants are being targeted by Russia, and China and Iran.
‘What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,’ Tom Burt, a Microsoft vice president, said in a blog post.
Most of the infiltration attempts by Russian, Chinese and Iranian agents were halted by Microsoft security software and the targets notified, he said.
Microsoft codenames the Russian group Strontium, but they are better know as Fancy Bear.
The company would not comment on who may have been successfully hacked or the impact.
Microsoft did not assess which foreign adversary poses the greater threat to the integrity of the November presidential election.
The consensus among cybersecurity experts is that Russian interference is the gravest.
Senior Trump administration officials have disputed that, though without offering any evidence.
‘This is the actor from 2016, potentially conducting business as usual,’ said John Hultquist, director of intelligence analysis at the top cybersecurity firm FireEye.
‘We believe that Russian military intelligence continues to pose the greatest threat to the democratic process.’
The Microsoft post shows that Russian military intelligence continues to pursue election-related targets undeterred by U.S indictments, sanctions and other countermeasures, Hultquist said.
It interfered in the 2016 campaign seeking to benefit the Trump campaign by hacking the Democratic National Committee and emails of John Podesta, the campaign manager of Hillary Clinton, and dumping embarrassing material online, congressional and FBI investigators have found.
The same GRU military intelligence unit, known as Fancy Bear, that Microsoft identifies as being behind the current election-related activity also broke into voter registration databases in at least three states in 2016, though there is no evidence it tried to interfere with voting.
Microsoft, which has visibility into these efforts because its software is both ubiquitous and highly rated for security, did not address whether U.S. officials who manage elections or operate voting systems have been targeted by state-backed hackers this year.
U.S. intelligence officials say they have so far not seen no evidence of that. They said last month that the Russians favor President Donald Trump and the Chinese prefer former vice president Joe Biden, the Democratic challenger.
But China is largely an espionage threat, while Russia steals data and weaponizes it.
In a Washington Post opinion piece this week, Susan Gordon, the deputy director of national intelligence from 2017-2019, said that ‘Russia’s intent is to undermine American democracy’ while China seeks, by contrast, to shape U.S. policy and erode U.S. global influence, in part by the theft of intellectual property.
Thomas Rid, a Johns Hopkins geopolitics expert, said he was disappointed by Microsoft’s refusal to differentiate threat level by state actor.
‘They’re lumping in actors that operate in a very different fashion, probably to make this sound more bipartisan,’ he said. ‘I just don’t understand why.’
Aid to Trump: Fancy Bear intervened in the 2016 election to hurt Hillary Clinton
Microsoft said in the past year it has observed attempts by Fancy Bear to break into the accounts of people directly and indirectly affiliated with the U.S. election, including consultants serving Republican and Democratic campaigns and national and state party organizations – more than 200 groups in all.
Also targeted was the center-right European People’s Party, the largest grouping in the European Parliament. A party spokesperson said the hacking attempts were unsuccessful.
The German Marshal Fund of the United States, a think tank, was another target. A spokesperson said there was no evidence of intrusion.
Microsoft did not say whether Russian hackers had attempted to break into the Biden campaign but did say that Chinese hackers from the state-backed group known as Hurricane Panda ‘appears to have indirectly and unsuccessfully’ targeted the Biden campaign through non-campaign email accounts belonging to people affiliated with it.
The Biden campaign did not confirm the attempt, although it said in a statement that it was aware of the Microsoft report.
The blog post said Iranian state-backed hackers have unsuccessfully tried to log into accounts of Trump campaign and administration officials between May and June of this year.
‘We are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,’ Trump campaign deputy press secretary Thea McDonald said. She declined further comment.
In June, Google disclosed that Hurricane Panda had targeted Trump campaign staffers while Iranian hackers had attempted to breach accounts of Biden campaign workers. Such phishing attempts typically involve forged emails with links designed to harvest passwords or infect devices with malware.
Although both Attorney General William Barr and National Security Advisor Robert O’Brien have both said China represents the greatest threat to U.S. elections, the only mention of a Trump administration official targeted by Chinese hackers is ‘at least one prominent individual formerly associated with’ the administration.
Graham Brookie, director of digital forensic research at The Atlantic Council, disputes Barr and O’Brien´s claim that China poses the greater threat to this year´s election.
His lab is at the forefront of unearthing and publicizing Russian disinformation campaigns.
Brookie confirmed that his employer was among targets of Hurricane Panda but said there was no evidence the hacking attempts, which he said were unsuccessful, had anything to do with the 2020 election.
‘We have every indication that this was an instance of cyber-espionage, information gathering, as opposed to electoral interference,’ he said.
By contrast, Brookie said, ‘it’s pretty evident that the Russian attempts (Microsoft disclosed) were focused on electoral processes and groups working on that.’