Microsoft says Russian, Chinese, and Iranian state-funded hackers have tried to breach the e-mail accounts of people associated with the election campaigns of Trump and Biden. According to Tom Burt, Vice President of Security and Customer Trust at Microsoft, the majority of attacks were detected and blocked. Burt revealed the incidents in a blog post after Reuters reported some Russian attacks aimed at Biden's campaign. In addition, Burt confirmed a report by the Director of National Intelligence (DNI), announced in August, stating that Chinese and Iranian hackers are also targeting the USA.
According to Microsoft, the attacks carried out by Russian hackers are linked to a group named Strontium, also known as APT28 or Fancy Bear. Microsoft pointed out that this group is very active, having targeted more than 200 organizations worldwide from September 2019 until today. The victims of the Russian hackers include the following: US-based advisers serving Republicans and Democrats, national and state party organizations in the United States, the European People's Party and political parties in the United Kingdom, and think tanks such as the German Marshall Fund and defense organizations.
Microsoft said that while Strontium hackers in the past relied mainly on spear-phishing attacks, in recent months they have used brute-force and password-spraying techniques to breach accounts.
As these attacks are easy to detect, Microsoft noted that Strontium hides its mass credential-harvesting operations by using more than 1,000 constantly rotating IP addresses, many of which are associated with the Tor anonymization service, and by adding and removing about 20 IPs per day to further cover its operations.
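Why rotating source addresses weakens per-IP failure thresholds, as an added example (not code from Microsoft or from the original article): it compares a per-IP failure count with a source-agnostic count of distinct accounts failing within a time window. The sign-in events are constructed, and the function names, thresholds, and window size are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

def build_sample_log():
    """Constructed failed sign-in events: (timestamp, source_ip, account)."""
    start = datetime(2020, 9, 1, 9, 0, 0)
    events = []
    # Spray pattern: 40 accounts, one failure each, every attempt from a
    # different address (203.0.113.0/24 is a documentation range).
    for i in range(40):
        events.append((start + timedelta(seconds=30 * i),
                       f"203.0.113.{i + 1}", f"user{i:02d}"))
    # Benign noise: one user mistyping a password four times from one address.
    for i in range(4):
        events.append((start + timedelta(minutes=5, seconds=10 * i),
                       "198.51.100.7", "alice"))
    return sorted(events)

def per_ip_alerts(events, threshold=5):
    """Per-source rule: alert on any single IP with >= threshold failures."""
    counts = defaultdict(int)
    for _, ip, _ in events:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def spray_windows(events, window=timedelta(minutes=30),
                  min_accounts=20, max_per_account=2):
    """Source-agnostic rule: flag windows in which many distinct accounts
    fail, each only a few times, regardless of where the attempts come from."""
    buckets = defaultdict(lambda: defaultdict(list))  # window -> account -> IPs
    for ts, ip, account in events:
        buckets[int((ts - EPOCH) / window)][account].append(ip)
    alerts = []
    for key, per_account in sorted(buckets.items()):
        slow = {a: ips for a, ips in per_account.items()
                if len(ips) <= max_per_account}
        if len(slow) >= min_accounts:
            sources = {ip for ips in slow.values() for ip in ips}
            alerts.append({"window_start": EPOCH + key * window,
                           "accounts": len(slow),
                           "source_ips": len(sources)})
    return alerts

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP alerts:", per_ip_alerts(log))
    print("spray windows:", spray_windows(log))
```

On this sample the per-IP rule raises nothing, while the windowed rule flags the single half-hour in which 40 accounts each failed once from 40 different addresses.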
Many of the attacks detected came from Chinese hackers. While there are currently dozens of hacking groups believed to be operating under the command and protection of the Chinese government, Microsoft said the attacks targeting US campaigns came from a group known as Zirconium. The same group was spotted by Google in June. Microsoft also detected thousands of attacks orchestrated by this group between March 2020 and September 2020, with hackers gaining access to almost 150 accounts during this period. The targets of these attacks include individuals with close ties to US presidential campaigns and candidates (e.g., the Biden campaign and attacks on at least one person previously linked to the Trump administration), as well as prominent figures in international affairs.
The attacks carried out by the Iranian hackers came from a group known as Phosphorus. These attacks are a continuation of a campaign launched last year, about which Microsoft issued warnings in October 2019. Specifically, at that time, Microsoft warned that hackers were targeting a US presidential campaign in 2020, without mentioning it by name. A thorough investigation revealed that the attacks were aimed at Trump's campaign. Now, Microsoft has confirmed that the attacks are indeed targeting Trump's campaign, while also revealing new activity related to the group. In particular, the company noted that between May and June 2020, Phosphorus hackers unsuccessfully attempted to log in to the accounts of Trump administration officials and staff working on the campaign.