
The Russian hackers who interfered in 2016 were spotted targeting the 2020 US election

Russia, China, and Iran have been caught conducting cyber espionage related to the US presidential race.
Vladimir Putin, the president of Russia

Russian military hackers responsible for cyberattacks against Democratic targets during the 2016 American election are now targeting over 200 organizations in the United States (including political parties, think tanks, and consultants serving both Democrats and Republicans), according to Microsoft, which is increasingly calling out Russian cyber espionage.

In the final weeks before the November 3 election, the Russian hackers are employing new tactics, tools, and ways to disguise their role in the attacks, Microsoft vice president Tom Burt wrote on Thursday. Democratic nominee Joe Biden’s campaign was specifically targeted by the Russian hackers, according to an earlier report from Reuters, via phishing attacks against the campaign’s communications advisors, SKDKnickerbocker. None of the attacks were successful.

This particular Russian hacking group, called Strontium by Microsoft, is more widely known as Fancy Bear or APT28 and is believed to operate out of Russia’s military intelligence agency, GRU. The details of these incidents recall the sustained hacking and information warfare carried out in favor of Trump against former Democratic presidential candidate Hillary Clinton’s campaign in 2016.

Fancy Bear has long relied on spearphishing, a hacking tactic that tricks a targeted individual into giving up key passwords. This time, the group is taking a different approach with brute-force and password-spraying attacks, a shift in tactics that allows for both larger-scale attacks and greater anonymity for the attackers.

Microsoft has also spotted state-sponsored hackers in China and Iran targeting individuals involved in both Donald Trump’s and Joe Biden’s presidential campaigns. But experts say Moscow is the adversary that worries them the most, given Russia’s lengthy track record.

“Multiple cyber-espionage actors have targeted organizations associated with the upcoming election, but we remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” said John Hultquist from the cybersecurity firm FireEye. This particular Russian hacking group is responsible for some of the most provocative and aggressive cyber operations of all time. 

“APT28’s unique history raises the prospect of follow-on information operations or other devastating activity,” Hultquist explained.

The newly disclosed hacking attempts underline threats to American election security with the vote less than two months away.

On Wednesday, a new report revealed that a senior Homeland Security official said he had been ordered to stop intelligence reports about current Russian election interference because it “made the president look bad.” According to a newly published whistleblower complaint (pdf), former DHS intelligence chief Brian Murphy claimed he had been asked to stop providing reports of Russia’s activity and encouraged to focus on threats from China and Iran instead. 

The department denies the complaint, which arrives against a backdrop of controversial election security moves including the Trump administration’s decision to stop providing the full Senate with briefings on the issue.

At the same time, the US Treasury department announced new sanctions against four Russian-linked individuals for attempts to interfere in the upcoming American election. Three people are allegedly members of the Internet Research Agency, the notorious Russian group conducting malicious information operations on social media.
