The hackers who targeted Hillary Clinton’s 2016 presidential campaign are attempting to disrupt the US election again, Microsoft has said.
The software company said it had detected a series of attempted cyber attacks on people involved in the Trump and Biden campaigns, including some by the notorious Russian military group known as Fancy Bear, which Microsoft code-names Strontium.
Political parties in the UK and Europe have also been targeted by the group, which has changed its tactics since 2016, said Tom Burt, Microsoft’s head of customer security and trust.
The group previously focused on “spear-phishing”, in which targets are sent well-disguised fake emails in a bid to get them to click on links or share information so hackers can steal their credentials. It is now trying to crack accounts by mass-guessing passwords, most likely using automation.
The Clinton campaign and the Democratic National Committee experienced significant attacks in the run-up to the 2016 US elections, including the release of 20,000 pages of emails from her campaign chair John Podesta’s personal account, which US intelligence agencies attributed to Fancy Bear.
“Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations.
“Many of Strontium’s targets in this campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe,” Mr Burt wrote in a post on Microsoft’s website.
A second group, a Chinese hacking group code-named Zirconium by Microsoft and also known as APT31, has carried out thousands of attacks, 150 of which were successful, and is targeting personal email accounts of people involved in the Biden campaign, as well as “at least one prominent individual formerly associated with the Trump Administration”.
A third group, an Iranian group code-named Phosphorus, has targeted the Trump campaign.
In June, Google’s internal threat intelligence group said Chinese and Iranian hackers including APT31 had been targeting both the Trump and the Biden campaigns.