
Microsoft Warns China, Iran, Russia Increasing Cyber Attacks on U.S. Elections

Tom Burt, corporate VP, customer security & trust, Microsoft

Microsoft has outed three prolific hacking crews from China, Iran and Russia for allegedly executing hundreds of cyber assaults on organizations and staffers associated with the election campaigns of President Trump and candidate Joe Biden.

Foreign cyber adversaries have increased their efforts to disrupt the upcoming 2020 elections, as had been widely expected by the U.S. intelligence community, Tom Burt, Microsoft corporate vice president, customer security & trust, wrote in a blog post.

Ahead of publicly disclosing the bad actors’ handiwork, Microsoft said it has “directly notified those who were targeted or compromised so they can take action to protect themselves.” Most of the attacks were immobilized, the company said.

U.S. Elections: Repeated Security Warnings

While Russia has been prominently identified as the guilty party in attempts to infiltrate U.S. elections, senior intelligence officials and security defenders have consistently warned that other countries are also meddling in the voting system.


In June, for example, Google’s Threat Analysis Group said that Chinese and Iranian hackers had sent bogus emails to staffers of Biden’s and Trump’s campaigns. And, in mid-August, White House national security adviser Robert O’Brien warned U.S. cyber adversaries China, Iran and Russia that intervening in the upcoming U.S. elections will bring “severe consequences.”

Three state-backed cyber gangs dominate the election security landscape, according to Microsoft threat intelligence:

  • Strontium. Also known as Fancy Bear and APT28. Operates from Russia. Has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants. Named in the Mueller report as responsible for attacks on the Democratic presidential campaign in 2016. Launching campaigns to harvest people’s log-in credentials or compromise their accounts, to aid intelligence gathering or disruption operations. Moved from spear phishing to brute force attacks and password spray.
  • Zirconium. Also known as APT31. Operates from China. Has attempted to infiltrate organizations associated with the upcoming U.S. presidential election. Launched thousands of attacks between March 2020 and September 2020 on nearly 150 companies. Indirectly and unsuccessfully targeted the Biden campaign and at least one prominent individual formerly associated with the Trump administration. Uses web bugs for reconnaissance purposes on targeted accounts.
  • Phosphorus. Operates from Iran. Launching continuous attacks on the personal accounts of people associated with the Trump campaign. Conducts espionage campaigns targeting a wide variety of organizations tied to geopolitical, economic or human rights interests in the Middle East. Between May and June 2020, Phosphorus unsuccessfully attempted to log into the accounts of Trump administration officials and campaign staff.

Big Tech Protecting Democracy?

Microsoft's impetus for disclosing the attacks is safeguarding democratic processes and boosting public awareness of cyber threats and of the steps people need to take to protect themselves personally and professionally, Microsoft's Burt said. “We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions,” he said.

Burt also indirectly chided Congressional lawmakers for their failure to allocate more federal funding to help states protect their election infrastructure. “While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem,” he said. In particular, the COVID-19 pandemic has made clear the need for additional funding to accommodate absentee voting and voting by mail. “We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy,” he wrote.

Legislation and U.S. Election Security

In early August, the House approved $500 million in election security funding for states as part of a $1.3 trillion appropriations package for fiscal 2021, which ends September 30, 2021. Since 2018, Congress has appropriated some $800 million for election security. In March, $400 million was earmarked in the COVID-19 pandemic stimulus bill. And, House Democrats in May proposed sending $3.6 billion to state and local officials to help them hold elections during the pandemic.

Microsoft’s warning comes on the heels of a government whistleblower’s allegation that Department of Homeland Security officials were told to stop providing intelligence on the threat of Russian election interference and instead directed to concentrate on attacks carried out by China and Iran, in what has been seen as a political move.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.