September 11, 2020
Hackers linked to Russia, China, and Iran are trying to spy on people tied to both U.S. President Donald Trump and Democratic challenger Joe Biden, Microsoft Corp said Thursday.
The report came as Reuters revealed that one of Biden’s main campaign advisory firms had been warned by the software giant that it was in the crosshairs of the same Russian hackers who intervened in the 2016 U.S. election.
The Microsoft statement highlights how advisers to both presidential campaigns are at risk from digital spies around the globe, as the two candidates face off on Nov. 3 in one of the most consequential U.S. presidential elections in decades.
The announcement by Microsoft’s vice president for customer security, Tom Burt, says the group accused of breaching Hillary Clinton’s campaign emails in 2016 – a Russian military intelligence-linked unit widely known as Fancy Bear – had spent the past year trying to break into accounts belonging to political consultants serving both Republicans and Democrats as well as advocacy organizations and think tanks.
Burt also said Chinese hackers had gone after people “closely associated with U.S. presidential campaigns and candidates” – including an unnamed Biden ally who was targeted through a personal email address and “at least one prominent individual formerly associated with the Trump Administration.”
He added that Iranian hackers – which Microsoft has already called out publicly for attempts to spy on a U.S. political campaign that Reuters identified https://uk.reuters.com/article/uk-cyber-security-iran-trump-exclusive/exclusive-trump-campaign-targeted-by-iran-linked-hackers-sources-idUKKBN1WJ2AD?feedType=RSS&feedName=topNews&rpc=69 as being Trump’s – had since tried to log into accounts belonging to Trump administration officials and members of the Republican president’s campaign staff.
Microsoft’s announcement was planned before Reuters broke the news that Fancy Bear was suspected of targeting Washington-based SKDKnickerbocker, a campaign strategy and communications firm working with Biden and other prominent Democrats.
Burt did not name any of the political consultants involved and Microsoft declined to comment on whether SKDK was among the consultants it had identified as targets.
SKDK has declined comment.
Burt said the Chinese effort to compromise the Biden ally and the Iranian spying against the Trump campaign were unsuccessful, but his blog post provided no detail on the hacking campaign attributed to Russia or the effort to compromise the well-known former Trump associate.
Speaking generally, he said that foreign hacking was intensifying as the vote drew nearer.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Burt said.
The Department of Homeland Security’s top cyber official, Christopher Krebs, said Microsoft’s warning was consistent with earlier statements issued by the intelligence community about Russian, Chinese, and Iranian spying on election-related targets.
“It is important to highlight that none are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems,” Krebs said.
The Biden campaign said it was aware of the attempt to break into “non-campaign email accounts of individuals affiliated with the campaign.”
“We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them,” Biden’s team said in a statement.
The Trump campaign said it too was aware of the break-in attempts. “We are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,” Deputy National Press Secretary Thea McDonald said in a statement.
The Chinese and Russian embassies in Washington and the Iranian mission to the United Nations in New York also did not immediately return messages. All three governments have previously denied allegations of cyber espionage.
State-backed hackers going after politicians in an election year is not unusual.
“Parties and campaigns are good sources of intelligence on future policy,” said John Hultquist, an analyst at cybersecurity company FireEye’s Mandiant unit.
But he said he was particularly concerned by the news that Fancy Bear was active, saying the group history of leaking data it hacked “raises the prospect of follow-on information operations or other devastating activity.”