Boston: Microsoft said on Thursday that the same Russian military intelligence agency that hacked the Democratic Party in 2016 has renewed aggressive targeting related to the U.S. election, trying to break into the computers of more than 200 organizations, including political campaigns and their advisers.
The intrusion attempts reflect a stepped-up effort to infiltrate the U.S. political establishment, the company said. “What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,” Tom Burt, a Microsoft vice president, said in a blog post. U.K. and European political groups were also probed, he added.
He said that most of the hacking attempts by Russian, Chinese and Iranian agents were blocked by Microsoft’s security software and that the targets were notified. The company did not comment on who may have been successfully hacked or on the impact caused.
Although U.S. intelligence officials said last month that the Russians favor President Donald Trump, while the Chinese prefer his Democratic challenger, former Vice President Joe Biden, Microsoft noted on Thursday that hackers supported by the Chinese government have already targeted “election-related celebrities,” including those related to the Biden movement.
Chinese hackers largely collect intelligence to pursue economic and political benefits, while Russia tends to weaponize stolen data to destabilize other governments.
Microsoft did not assess which foreign adversary poses the greater threat to the integrity of the November presidential election. The consensus among cybersecurity experts is that Russia’s intervention is the most serious. Senior Trump administration officials have questioned this, although they have not provided any evidence.
“This is the actor from 2016, potentially conducting business as usual,” said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. “We believe that Russian military intelligence continues to pose the greatest threat to the democratic process.”
Microsoft’s post shows that Russian military intelligence continues to pursue election-related targets, undeterred by U.S. prosecutions, sanctions and other countermeasures. Investigators from the U.S. Congress and the FBI found that it interfered in the 2016 campaign, aiming to benefit the Trump campaign, by hacking the emails of the Democratic National Committee and of Hillary Clinton campaign leader John Podesta and dumping embarrassing material on the Internet.
The GRU military intelligence unit, which Microsoft identified as being behind the current election-related activity, also accessed voter registration databases in at least three states in 2016, although there is no evidence that it tried to interfere with voting.
Microsoft is able to see these efforts because its software is ubiquitous and highly rated for security. Microsoft did not address whether U.S. officials involved in election management or voting systems were attacked by state-backed hackers this year. U.S. intelligence officials said that so far, they have not found any signs of infiltration.
Thomas Rid, a Johns Hopkins geopolitics expert, said he was disappointed by Microsoft’s refusal to differentiate threat level by state actor. “They’re lumping in actors that operate in a very different fashion, probably to make this sound more bipartisan,” he said. “I just don’t understand why.”
Microsoft said that in the past year, Fancy Bear has been observed trying to break into the accounts of people directly or indirectly connected to the U.S. election, including consultants who advise Republican and Democratic campaigns and ethnic and state organizations, 200 groups in total.
The hackers also targeted the center-right European People’s Party, the largest group in the European Parliament. A party spokesperson said that the hacking attempt was unsuccessful. Another target was the German Marshall Foundation (a think tank) in the United States. A spokesperson said there was no evidence of intrusion.
Microsoft did not say whether Russian hackers had attempted to break into the Biden campaign but did say that Chinese hackers from the state-backed group known as Hurricane Panda “appears to have indirectly and unsuccessfully” targeted the Biden campaign through non-campaign email accounts belonging to people affiliated with it.
The Biden campaign did not confirm this attempt, although it said in a statement that it was aware of Microsoft’s report.
The blog stated that hackers supported by the Iranian government tried to log into the accounts of Trump campaign and government officials from May to June this year, but were unsuccessful. Trump campaign deputy press secretary Thea McDonald said: “We are a big target, so it is not surprising to see malicious activities directed at the campaign or our staff.” She declined to comment further.
Tim Murtaugh, the campaign’s director of publicity, said: “President Trump will defeat Joe Biden in a fair and just manner. We do not need nor need any foreign interference.”
In June, Google disclosed that Hurricane Panda had targeted Trump campaign personnel, while Iranian hackers had tried to compromise the accounts of Biden campaign personnel. Such phishing attempts usually involve forged emails with links designed to collect passwords or infect devices with malware.
Although Attorney General William Barr and National Security Advisor Robert O’Brien have both stated that China is the biggest threat to the U.S. election, the only Chinese hacking target linked to the Trump administration that Microsoft mentioned is “at least one outstanding person who has had a relationship with the government.”
Graham Brookie, director of digital forensic research at the Atlantic Council, questioned Barr and O’Brien’s claims that China poses a greater threat to this year’s election. His laboratory is at the forefront of efforts to uncover and publicize Russian disinformation campaigns.
Brookie confirmed that his employer was the target of Hurricane Panda, but he said that there is no evidence that the hacking attempt was related to the 2020 election, and that the hacking attempt was unsuccessful.
“We have every indication that this was an instance of cyber-espionage, information gathering, as opposed to electoral interference,” he said.
By contrast, Brookie said, “it’s pretty evident that the Russian attempts (Microsoft disclosed) were focused on electoral processes and groups working on that.”
Microsoft noted that Fancy Bear’s methods for stealing login credentials, which used to rely mainly on phishing, are shifting toward greater automation. In recent months, the group has used so-called brute-force attacks that hit account logins with a short burst of potential passwords. It has also used another method that makes only intermittent login attempts to avoid detection.
Microsoft said that Fancy Bear has also stepped up its use of the Tor anonymity service to cover up its hacking.
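
For defenders, the two login patterns described above leave different traces in failed sign-in logs. The following sketch is an added example, not code from Microsoft or from the original article. It flags short bursts of failures and slow, intermittent failures per source address, and notes when a flagged source is a Tor exit. The log records, thresholds, exit list and the rule that intermittent attempts are spread across many accounts are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed failed sign-ins (time, source IP, account); IPs are documentation ranges."""
    t0 = datetime(2020, 9, 1, 9, 0, 0)
    burst = [(t0 + timedelta(seconds=2 * i), "198.51.100.7", "alice") for i in range(30)]
    slow = [(t0 + timedelta(hours=3 * i), "203.0.113.9", f"user{i}") for i in range(12)]
    typo = [(t0 + timedelta(minutes=5 + i), "192.0.2.44", "bob") for i in range(2)]
    return burst + slow + typo

def classify_sources(events, tor_exits=frozenset(),
                     burst_window=timedelta(minutes=5), burst_min=20,
                     slow_span=timedelta(hours=24), slow_min_accounts=10):
    """Map each suspicious source IP to a set of labels."""
    by_ip = defaultdict(list)
    for ts, ip, account in events:
        by_ip[ip].append((ts, account))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        times = [ts for ts, _ in rows]
        labels = set()
        # Burst: at least burst_min failures inside one sliding window.
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > burst_window:
                start += 1
            if end - start + 1 >= burst_min:
                labels.add("burst")
                break
        # Intermittent: never dense enough to trip the burst rule, yet the
        # failures span a long period and touch many accounts (assumed heuristic).
        accounts = {account for _, account in rows}
        if (not labels and len(accounts) >= slow_min_accounts
                and times[-1] - times[0] >= slow_span):
            labels.add("low_and_slow")
        # Tor is recorded as context on an already-suspicious source, not as a verdict.
        if labels and ip in tor_exits:
            labels.add("tor_exit")
        if labels:
            findings[ip] = labels
    return findings

if __name__ == "__main__":
    # The Tor exit set here is constructed; in practice it would come from a current exit list.
    for ip, labels in classify_sources(sample_events(), {"198.51.100.7"}).items():
        print(ip, sorted(labels))
```

A rate limit tuned only for the burst case would miss the second source entirely, which is why the slow rule looks at the span and account spread instead of density.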