Same Russian hackers take aim at US elections, says Microsoft

Most infiltration attempts have been blocked by tech company's security software

U.S. President Donald Trump speaks to reporters during a news conference in the Brady Press Briefing Room at the White House in Washington, U.S., September 10, 2020. REUTERS/Kevin Lamarque
Powered by automated translation

The same Russian military intelligence outfit that hacked the Democrats in 2016 has tried to infiltrate the computer systems of more than 200 organisations, including political parties and consultants, Microsoft said Thursday.

The attempts appear to be part of a broader increase in affecting US political campaigns and related groups, the company said.

“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers, but also those who they consult on key issues,” Tom Burt, a Microsoft vice president, said in a blog post.

Most of the infiltration attempts by Russian, Chinese and Iranian agents were halted by Microsoft security software and the targets notified, Mr Burt said.

The company would not say who might have been successfully hacked, or the effect it had.

US intelligence officials last month said the Russians favoured President Donald Trump and the Chinese preferred former vice president Joe Biden, the Democratic challenger.

But Microsoft that Chinese hackers focused on “high-profile individuals associated with the election", including people linked with the Biden campaign.

This is the actor from 2016, potentially conducting business as usual

Experts say China is largely hunting for intelligence, while Russia steals data and uses it for its own ends.

Microsoft did not say which foreign power posed the greater threat to the integrity of the November  election.

The consensus among cybersecurity experts is that Russian interference is the most serious.

Senior Trump administration officials have disputed that.

“This is the actor from 2016, potentially conducting business as usual,” said John Hultquist, director of intelligence analysis at cybersecurity company FireEye.

“We believe that Russian military intelligence continues to pose the greatest threat to the democratic process.”

The Microsoft post shows that Russian military intelligence continues to look for election-related targets, undeterred by US indictments, sanctions and other measures, Mr Hultquist said.

In the 2016 campaign, it sought to assist the Trump campaign by hacking the Democratic National Committee and emails of John Podesta, the campaign manager for Hillary Clinton, dumping embarrassing material online, investigators found.

Fancy Bear strikes again

The same GRU military intelligence unit, known as Fancy Bear, which Microsoft identifies as being behind the current hacking attempts, also broke into voter registration databases in at least three states in 2016.

There is no evidence it tried to interfere with voting.

Thomas Rid, a Johns Hopkins geopolitics expert, said he was disappointed by Microsoft’s refusal to rank the threats posed by different foreign hackers.

“They’re lumping in actors that operate in a very different fashion, probably to make this sound more bipartisan,” Mr Rid said. “I just don’t understand why.”

Microsoft said in the past year it observed attempts by Fancy Bear to break into the accounts of people directly and indirectly affiliated with the US election.

They included consultants serving Republican and Democratic campaigns and national and state party organisations. More than 200 groups were attacked.

DETROIT, MICHIGAN - SEPTEMBER 09: Wearing a face mask to reduce the risk posed by the coronavirus, Democratic presidential nominee Joe Biden talks with members of the United Steelworkers union in a supporter's back yard September 09, 2020 in Detroit, Michigan. Biden is campaigning in Michigan, which President Donald Trump won in 2016 by less than 11,000 votes, the narrowest margin of victory in state's presidential election history.   Chip Somodevilla/Getty Images/AFP
The alleged attempt to hack Joe Biden's campaign was rebuffed by robust cyber defences. AFP

Also hit was the centre-right European People’s Party, the largest group in the European Parliament. The party said the hacking attempts were unsuccessful.

The German Marshall Fund, a US think tank, was another target. It said there was no evidence of intrusion.

Microsoft said Chinese hackers from the state-backed group known as Hurricane Panda “appears to have indirectly and unsuccessfully” tried to infiltrate the Biden campaign through non-campaign email accounts of people affiliated with it.

The Biden campaign did not confirm the attempt, although it said it was aware of the Microsoft report.