The same Russian military intelligence outfit that hacked the Democrats in 2016 has attempted similar intrusions into the computer systems of organizations involved in the 2020 elections, Microsoft said Thursday.
Those efforts, which have targeted more than 200 organizations including political parties and consultants, appear to be part of a broader increase in targeting of US political campaigns and related groups, the company said.
“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,” Tom Burt, a Microsoft vice-president, said in a blogpost.
Most of the infiltration attempts by Russian, Chinese and Iranian agents were halted by Microsoft security software and the targets notified, he said. The company would not comment on who may have been successfully hacked or the impact.
Microsoft did not assess which foreign adversary poses the greater threat to the integrity of the November presidential election. The consensus among cybersecurity experts is that Russian interference is the gravest. Senior Trump administration officials have disputed that, though without offering any evidence.
Intelligence officials have found that – as in 2016 – the Russian government is attempting to undermine the Democratic candidate and boost Donald Trump’s chances of winning. In 2016, actors working on behalf of the Russian government hacked email accounts of the Democratic National Committee and publicly released stolen files and emails. The Russian government also funded “troll farms” in St Petersburg where nationals pretending to be from the US would post misinformation online to sow unrest.
“This is the actor from 2016, potentially conducting business as usual,” said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye. “We believe that Russian military intelligence continues to pose the greatest threat to the democratic process.”
The subject of Russian interference has been an ongoing frustration for Trump, who has disputed the country’s meddling in the 2016 elections despite extensive evidence, calling it a “witch hunt”. Trump loyalists at the Department of Homeland Security have also manipulated and fabricated intelligence reports to downplay the threat of Russian interference, a whistleblower claimed on Wednesday.
A spokeswoman for the Trump campaign said it takes cybersecurity threats “very seriously” and does not publicly comment on specific efforts it is making.
“As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,” she said. “We work closely with our partners, Microsoft and others, to mitigate these threats.”
The attempted hacks come at a time when election security concerns are remarkably high, given that many people will be voting with mail-in ballots due to the Covid-19 pandemic. An international body in August called these “the most challenging” US election in recent decades.
Campaigns are also at a heightened risk for hacking given that many employees are now working from home without heightened security measures that may exist on workplace computers, said Bob Stevens, the vice-president of mobile security firm Lookout.
“Mobile devices now exist at the intersection of our work and personal lives,” he said. “Considering how reliant we are on them to support all aspects of our lives, bad actors have taken note.”
The Microsoft revelations on Thursday show that Russian military intelligence continues to pursue election-related targets undeterred by US indictments, sanctions and other countermeasures, Hultquist said.
Microsoft, which has visibility into these efforts because its software is both ubiquitous and highly rated for security, did not address whether US officials who manage elections or operate voting systems have been targeted by state-backed hackers this year. US intelligence officials say they have so far not seen no evidence of that.