WASHINGTON—Russian government hackers have targeted at least 200 organizations tied to the 2020 U.S. election in recent weeks, including national and state political parties and political consultants working for both Republicans and Democrats, according to Microsoft Corp.
China has also engaged in cyberattacks against “high-profile individuals” linked to Democratic nominee Joe Biden’s campaign, while Iranian actors have continued targeting personal accounts of people associated with President Trump’s campaign, Microsoft said in a blog post published Thursday.
The software giant’s threat intelligence team is able to track suspected cyberattacks against people and organizations that use its email platform and other Microsoft services. The findings don’t portray the full scope of foreign cyberattacks when it comes to the U.S. election because Microsoft is largely limited to analyzing threats to its own customers, but echo recent assessments from the U.S. intelligence community and other security experts.
SHARE YOUR THOUGHTS
What steps should be taken to ensure the integrity of this fall’s elections? Join the conversation below.
Most of the attempted intrusions haven’t been successful, and those who were targeted or compromised have been directly notified of the malicious activity, Microsoft said.
A spokesman for the Russian Embassy in Washington denied Thursday’s allegations and said, “The time has come to stop poisoning the atmosphere of relations with baseless allegations.” Chinese and Iranian officials didn’t respond to requests for comment.
The breadth of the attacks underscore widespread concerns among U.S. security officials and within Silicon Valley about the threat of foreign interference in the presidential election less than two months away.
“It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities,” said Tom Burt, Microsoft’s vice president of consumer safety and trust.
The Russian actor tracked by Microsoft is affiliated with a military intelligence unit and is the same group that hacked and leaked Democratic emails during the 2016 presidential contest. In addition to political consultants and state and national parties, its recent targets have included advocacy organizations and think tanks, such as the German Marshall Fund, as well as political parties in the U.K., Microsoft said.
Russia’s tactics have evolved since 2016 to include new reconnaissance tools and methods to cloak its operations, according to Microsoft. While the hackers four years ago primarily relied on spearphishing—an attack that involves posing as another person to trick an email recipient to click on a malicious link—to steal login credentials, they have more recently deployed so-called brute-force attacks and password sprays, which target a wider net of people with automated attempts to essentially guess passwords.
Since March of this year, Microsoft said it had detected thousands of attempted attacks linked to a Chinese hacking group and nearly 150 account compromises. The widespread operations included attempts to compromise people close to the presidential campaigns and candidates themselves, including an unsuccessful effort to target Mr. Biden’s campaign through “non-campaign email accounts belonging to people affiliated with the campaign.”
China also has targeted at least one prominent person described by Microsoft as formerly associated with the Trump administration.
The Chinese hackers also have targeted academics in international affairs at more than 15 universities and accounts linked to 18 international affairs policy organizations, including the Atlantic Council and the Stimson Center, Microsoft said. The company didn’t say if those attempts were successful.
Iran, meanwhile, has unsuccessfully tried in recent months to log into accounts belonging to Trump administration officials and staff working for Mr. Trump’s re-election campaign, Microsoft said.
A warning last month from U.S. intelligence agencies—released after pressure from Democratic lawmakers pushing for more public transparency—said Russia has undertaken a broad effort to damage Mr. Biden’s bid for the presidency. It also said China prefers that Mr. Trump not win re-election and that Iran is also seeking to undermine U.S. democratic institutions and Mr. Trump.
In recent weeks, some senior Trump officials have said that China is a larger threat to the election than Russia. But Democratic lawmakers and several administration officials familiar with the matter have said that Russia poses a far more immediate threat.
A senior Department of Homeland Security official filed a whistleblower complaint this week alleging that agency leadership gave instructions to halt the dissemination of intelligence memos on threats posed by Russia to the presidential election because doing so would be harmful to Mr. Trump. A spokesman for DHS disputed the allegations.
Hackers working for Russia, China and others have for years targeted presidential campaigns and the politically influential groups in their orbit, typically to gain insight into a campaign’s inner workings and policy priorities.
But such operations took on new significance in 2016, when Russia interfered in that year’s election to boost Mr. Trump’s campaign and harm Democratic nominee Hillary Clinton, according to U.S. intelligence agencies. That conclusion was later corroborated by former special counsel Robert Mueller and a recent bipartisan report by the Senate Intelligence Committee. Russia has denied the attacks.
Microsoft’s analysis doesn’t include cyberattacks on election infrastructure, such as state voter registration databases—a key area of concern after it was discovered Russia had also targeted those systems in 2016. Chris Krebs, the top cybersecurity official at the Department of Homeland Security, said this week at the Billington CyberSecurity Summit that he hadn’t seen evidence of those kinds of attacks.
John Hultquist, director of intelligence analysis at the U.S.-based cybersecurity company FireEye Inc., said that the threat to the election posed by Russia’s military intelligence exceeded that from other nations, given its tendency toward “brash and aggressive cyber operations.”
As in previous elections, China and Iran are likely targeting campaigns to quietly collect intelligence, Mr. Hultquist said. But Russia’s “unique history raises the prospect of follow-on information operations or other devastating activity.”
Corrections & Amplifications
An earlier version of this story included a photograph of the incorrect Tom Burt. The story has been updated with a photo of Tom Burt, Microsoft’s corporate vice president of customer and security trust. Also, Microsoft Corp. said Russian government hackers have targeted at least 200 organizations tied to the 2020 U.S. elections in recent weeks, including presidential and other contests. An earlier version of this article erroneously said that hackers have targeted organizations tied to the 2020 presidential election. (Corrected on Sept. 10)
Write to Dustin Volz at firstname.lastname@example.org
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8