According to Microsoft, the U.S. elections are under attack by organizations affiliated with the nation’s adversaries who are targeting politicians from both major parties, including President Donald Trump and his opponent, former Vice President Joe Biden.
The company has detected cyberattacks targeting people and organizations involved in the upcoming election. The activity detected makes it clear that foreign actors are stepping up their efforts to target the election, writes Tom Burt, corporate vice president of customer security and trust at Microsoft, in a company blog.
These organizations are affiliated with Russia, China and Iran, Burt says.
“We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions,” Burt writes.
Strontium, a Russian organization that was identified by government officials as being responsible for the attacks on the Democratic presidential campaign in 2016, has attacked more than 200 organizations, including political campaigns, advocacy groups, parties and political consultants.
According to Microsoft, Strontium has targeted organizations affiliated with both political parties.
The group attempts to harvest the log-in credentials of its targets via spear phishing attacks, brute force attacks and password spray. The attacks are run through more than 1,000 constantly rotating IP addresses in an attempt to disguise them. It has even added and removed about 20 IPs per day to further avoid detection.
Targets also include private sector enterprises, including those in entertainment, hospitality, manufacturing, financial services and the physical security industry.
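Because the password spray described above is spread across rotating IP addresses, a rule that counts failures per source IP sees almost nothing. The following is an added example, not code from Microsoft or the original article, contrasting that rule with a source-agnostic one; the log tuple format, thresholds, usernames and documentation-range IPs are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_events():
    """Constructed sample: 30 accounts each fail once, every attempt from a new IP,
    plus one user who mistypes a password three times from a single IP."""
    t0 = datetime(2020, 9, 10, 8, 0, 0)
    events = [(t0 + timedelta(seconds=20 * i), f"203.0.113.{i + 1}", f"user{i:02d}", "fail")
              for i in range(30)]
    events += [(t0 + timedelta(hours=3, seconds=s), "198.51.100.7", "alice", "fail")
               for s in (0, 15, 30)]
    events.append((t0 + timedelta(hours=3, seconds=45), "198.51.100.7", "alice", "ok"))
    return sorted(events)

def per_ip_alerts(events, max_failures=5):
    """Per-source rule: alert on any single IP with more than max_failures failures."""
    fails = Counter(ip for _, ip, _, outcome in events if outcome == "fail")
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def spray_windows(events, window=timedelta(minutes=15), min_accounts=20, max_per_account=2):
    """Source-agnostic rule: bucket failures into fixed time windows and alert when
    many distinct accounts each fail only a few times, whatever the source IP."""
    epoch = datetime(1970, 1, 1)
    buckets = defaultdict(list)
    for ts, ip, user, outcome in events:
        if outcome == "fail":
            start = epoch + ((ts - epoch) // window) * window
            buckets[start].append((ip, user))
    alerts = []
    for start, rows in sorted(buckets.items()):
        per_user = Counter(user for _, user in rows)
        # Accounts with only a handful of failures: the "low and slow" signature.
        low = sum(1 for n in per_user.values() if n <= max_per_account)
        if low >= min_accounts:
            alerts.append({"window_start": start, "accounts": low,
                           "source_ips": len({ip for ip, _ in rows})})
    return alerts

if __name__ == "__main__":
    sample = build_events()
    print("per-IP alerts:", per_ip_alerts(sample))
    print("spray windows:", spray_windows(sample))
```

The thresholds need tuning against a tenant's normal failure rate; the point is that the grouping key is the time window and the set of targeted accounts, not the source address.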
Zirconium, a Chinese organization, has attacked high-profile individuals involved in the election, like the Biden campaign and individuals affiliated with the Trump Administration. According to Burt, Microsoft detected thousands of attacks between March and September, resulting in nearly 150 compromises.
Other targets are prominent individuals in the international affairs community and academia. The organization is using what Burt calls “web bugs,” or web beacons, tied to a domain they purchased and populated with content. An actor sends the associated URL in email text or in an attachment to a targeted account. This allows the organization to check if a user attempted to access the site, resulting in an easy way to see if accounts are valid or active.
Iran is also attacking the election via hacking group Phosphorus, Burt says. The organization targets a wide variety of organizations with political, economic or human rights interests in the Middle East.
Microsoft has taken legal action against the group, including last month when a D.C. federal court allowed the company to take control of 25 new internet domains used by the group.
Especially if you work with the government, your company should take steps now to bolster its security and make sure employees are trained to spot phishing attempts.