Russian military hackers responsible for cyberattacks against Democratic targets during the 2016 American election are now targeting over 200 organizations in the United States (including political parties, think tanks, and consultants serving both Democrats and Republicans), according to Microsoft, which is increasingly calling out Russian cyber espionage.
In the final weeks before the November 3 election, the Russian hackers are employing new tactics, tools, and ways to disguise their role in the attacks, Microsoft vice president Tom Burt wrote on Thursday. Democratic nominee Joe Biden’s campaign was specifically targeted by the Russian hackers, according to an earlier report from Reuters, via phishing attacks against the campaign’s communications advisors, SKDKnickerbocker. None of the attacks were successful.
This particular Russian hacking group, called Strontium by Microsoft, is more widely known as Fancy Bear or APT28 and is believed to operate out of Russia’s military intelligence agency, the GRU. The details of these incidents recall the sustained hacking and information warfare carried out in favor of Trump against former Democratic presidential candidate Hillary Clinton’s campaign in 2016.
Fancy Bear has long relied on spearphishing, a hacking tactic that tricks a targeted individual into giving up key passwords. This time, the group is taking a different approach with brute-force and password-spraying attacks, a shift in tactics that allows for both larger-scale attacks and greater anonymity for the attackers.
Microsoft has also spotted state-sponsored hackers in China and Iran targeting individuals involved in both Donald Trump’s and Joe Biden’s presidential campaigns. But experts say Moscow is the adversary that worries them the most, given Russia’s lengthy track record.
“Multiple cyber-espionage actors have targeted organizations associated with the upcoming election, but we remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” said John Hultquist from the cybersecurity firm FireEye. This particular Russian hacking group is responsible for some of the most provocative and aggressive cyber operations of all time.
“APT28’s unique history raises the prospect of follow-on information operations or other devastating activity,” Hultquist explained.
The newly disclosed hacking attempts underline threats to American election security with the vote less than two months away.
On Wednesday, a new report revealed that a senior Homeland Security official said he had been ordered to stop intelligence reports about current Russian election interference because it “made the president look bad.” According to a newly published whistleblower complaint, former DHS intelligence chief Brian Murphy claimed he had been asked to stop providing reports of Russia’s activity and encouraged to focus on threats from China and Iran instead.
The department denies the complaint, which arrives against a backdrop of controversial election security moves including the Trump administration’s decision to stop providing the full Senate with briefings on the issue.
At the same time, the US Treasury Department announced new sanctions against four Russian-linked individuals for attempts to interfere in the upcoming American election. Three people are allegedly members of the Internet Research Agency, the notorious Russian group conducting malicious information operations on social media.