Hackers linked with the Chinese government tried to breach associates of the Joe Biden campaign, while hackers with reported connections to the Iranian government targeted President Donald Trump’s reelection campaign, Microsoft warned Thursday.
In addition, the same Russian military hackers that interfered in the 2016 U.S. election targeted a range of political and policy consultants in the U.S. and Europe, the software giant said.
The hacking attempts against the Biden and Trump campaigns were unsuccessful, Microsoft said, but they offered another example of foreign espionage efforts weeks before the presidential election. U.S. intelligence officials said last month that Russia was using a “range of measures” to try to undermine Biden’s candidacy, while the Chinese government had expanded its influence operations and doesn’t want Trump to win a second term.
“We have directly notified those who were targeted or compromised so they can take action to protect themselves,” Tom Burt, a Microsoft corporate vice president, wrote in a blog post on Thursday.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported,” he said.
The Chinese hacking group, which Microsoft calls Zirconium, “has attacked high-profile individuals associated with the election,” including people affiliated with Biden’s campaign, Burt said. Phosphorus, the Iranian group, has continued to try to break into the personal accounts of Trump campaign associates, he added. Microsoft said nearly a year ago that Phosphorus was targeting a U.S. political campaign, but did not name the target.
Governments around the world routinely use their computer operatives to gather intelligence on candidates’ policy positions during presidential campaigns. In more extreme cases, that reconnaissance turns into disruptive actions, like the Russian hack-and-leak operation aimed at damaging Hillary Clinton in the 2016 election.
Burt also said that one of the same Russian hacking groups that interfered in the 2016 election — known as Fancy Bear, APT28 or Strontium — had been targeting political consultants for Republicans and Democrats. That was part of a broader hacking campaign from Fancy Bear that affected more than 200 organizations, many of which are affiliated with the U.S. election or political organizations in Europe.
Burt said the majority of the attacks — whether from Chinese, Russian or Iranian groups — were blocked.
“Multiple cyber espionage actors have targeted organizations associated with the upcoming election, but we remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence.
“Parties and campaigns are good sources of intelligence on future policy and it’s likely Iranian and Chinese actors targeted US campaigns to quietly collect intelligence, but APT28’s unique history raises the prospect of follow-on information operations or other devastating activity,” Hultquist added.