Russia, China and Iran target US elections with cyberattacks

It's the same playbook from 2016, Microsoft warns.

Kevin Lamarque / reuters

Russia is once again trying to interfere with a US presidential election, according to a new disclosure from Microsoft that also names China and Iran.

The attacks have targeted both Joe Biden and Donald Trump’s campaigns, as well as other officials and groups associated with the 2020 elections. “What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues,” Microsoft writes in a statement.

Microsoft notes that, so far, the “majority” of hacking attempts it has identified have not been successful and were “stopped by security tools built into our products.” But the groups behind the attacks have still been persistent.

For example, the Russian group behind the attacks, called Strontium, are the same hackers responsible for the nation’s 2016 interference campaign. So far, Strontium has targeted more than 200 organizations, including political campaigns and other groups affiliated with Republican and Democratic officials.

“Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations,” Microsoft says. “Many of Strontium’s targets in this campaign... are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe.”

When it comes to China, Microsoft says it has detected “thousands” of attacks over the last six months from a group it calls “Zirconium.” Zirconium is targeting “people closely associated with U.S. presidential campaigns and candidates,” as well as “prominent individuals in the international affairs community.” Microsoft says it has identified people associated with 15 universities and 18 policy organizations as targets of Zirconium.

The attacks from Iran come from a group called “Phosphorous” that Microsoft “has tracked extensively for years.” Between May and June of this year, the group “unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President campaign staff.”

Even though Microsoft says it has so far been successful at thwarting most of these cyberattacks, the company is warning that states need “more federal funding” for election security, particularly during the coronavirus pandemic. “While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem,” the company says.

This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.