One week after Facebook outlined its plan to protect the 2020 US election and highlighted the threat of foreign interference, Microsoft made a claim that underscores the severity of that threat. In a post on its official blog, Microsoft announced that it had “detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns.” According to the blog post, the cyberattacks targeting the upcoming election are originating from groups in three countries, Russia, China and Iran, and each group has its own target.
The tech giant became aware of these groups after tracking several suspected cyberattacks on both individuals and organizations who play a role in the US election. While most of the attacks were unsuccessful, the scope of the hacks amplified concerns about foreign interference. What is even more worrying is the fact that Microsoft’s research and findings only covered Microsoft users, leaving the true extent of the current cyberattacks to speculation. The estimations reached from extrapolating Microsoft’s findings across the country “echo recent assessments from the U.S. intelligence community and other security experts.”
The report from Microsoft outlines the targets and the activities of the three groups, giving each group a code name: Strontium, operating out of Russia; Zirconium, operating out of China; and Phosphorus, operating out of Iran.

Strontium
When the average American hears about foreign interference in the US election process, their mind most likely jumps to Russian misinformation campaigns on Facebook; Microsoft’s report shows us that the mental connection is warranted.
The group code-named Strontium has been on the radar of Microsoft’s Threat Intelligence Center (MTIC) for quite some time, having been named in the Mueller report as the group primarily responsible for the attacks on Hillary Clinton’s presidential campaign, and its recent activity proves that it deserves the attention. During this hacking campaign, Strontium has been “harvesting log-in credentials presumably to aid in intelligence gathering or disruption operations.”
The MTIC report stressed the significance of the group’s targets.
“Many of Strontium’s targets in this campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe. These targets include: U.S.-based consultants serving Republicans and Democrats; Think tanks such as The German Marshall Fund of the United States and advocacy organizations; National and state party organizations in the U.S.; and The European People’s Party and political parties in the UK.”
Microsoft
Zirconium
The group operating in China, code-named Zirconium, has been very active, launching thousands of attacks since March 2020 that resulted in almost 150 compromises. Politically, the group seems to be targeting primarily the Joe Biden campaign, using web bugs hidden in websites sent to people affiliated with the campaign. Zirconium has “also targeted at least one prominent individual formerly associated with the Trump Administration.”
Outside of politics, the group is targeting the international affairs community: “academics in international affairs from more than 15 universities, and accounts tied to 18 international affairs and policy organizations including the Atlantic Council and the Stimson Center.”
Phosphorus
The group code-named Phosphorus is another one that the MTIC has been tracking for some time. Last year, the group was tracked making a “significant” number of attacks on a US presidential campaign, and Microsoft has taken legal action in the past to combat the group’s hacking efforts.
Recently, the group has continued its mission to disrupt the US election. In May and June 2020, Phosphorus targeted officials from the Trump administration and members of the Donald J. Trump for President campaign staff.