Russian hacking group blamed for US election meddling is doing it again, Microsoft says

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Microsoft has said that foreign groups are once again targeting the 2020 presidents election in order to disrupt its results.

The company says that it has seen evidence of attacks originating from Russia, China, and Iran.

The groups have attacked both the Biden and Trump campaigns.

The Russian group Strontium has attacked over 200 organizations including political campaigns, advocacy groups, parties and political consultants, it said in a blog post. 

Strontium, which is also known as Fancy Bear, was identified in Robert Mueller’s report on interference in the 2016 election, and was primarily responsible for the attacks on the DNC.

According to Microsoft, the group is harvesting people’s log-in credentials and attempting to compromise their accounts in order to aid their intelligence gathering.

It has “evolved its tactics since the 2016 election to include new reconnaissance tools and new techniques to obfuscate their operations”, Microsoft says.

The technology giant also said that it has been monitoring the attacks for several months, but can only now attribute the activity to Stronium “with high confidence”.

Zirconium, which is a Chinese operation, has targeted high profile individuals including those working for Democratic candidate Joe Biden’s campaign and “prominent leaders in the international affairs community”.

This group unsuccessfully targeted non-campaign accounts of people working for Mr Biden, and “one prominent individual formerly associated with the Trump administration”.

However, Microsoft says that it has detected thousands of attacks between March and September 2020.

The hackers are doing this through URLs sent via email or text messages, using hidden code to check if a user attempted to access the website which is controlled by the hackers. This is used to see if the account is active or inactive.

From Iran, a group called Phosphorous, has “continued to attack” accounts of people associated with Donald Trump.

Phosphorous attempted to access both work and personal accounts of those working on the US election.

Between May and June 2020, it unsuccessfully attempted to log into accounts associated with Mr Trump and his campaign staff.

In response to the report, China and Russia denied any activity interfering with the 2020 election.

Dmitry Peskov, a spokesman for President Vladimir Putin, said that Russia had never tried to interfere in other countries’ elections, according to the BBC.

Microsoft "should not make accusations against China out of nothing", said Chinese foreign ministry spokesman Zhao Lijian.

A spokesperson for the Iranian foreign ministry also denied the report, saying it was “basically inadmissible and absurd”.

"United States of America has interfered for decades in the elections of other countries including Iran ... US is leading disinformation campaigns against other countries. Therefore US is not in a position to have such claim," foreign ministry spokesman Saeed Khatibzadeh said, as reported by CNN.