Skip to Content

The Russian hackers who interfered in 2016 were spotted targeting the 2020 US election

Russia, China, and Iran have been caught conducting cyber espionage related to the US presidential race.
Vladimir Putin, the president of Russia
Vladimir Putin, the president of Russia

Russian military hackers responsible for cyberattacks against Democratic targets during the 2016 American election are now targeting over 200 organizations in the United States (including political parties, think tanks, and consultants serving both Democrats and Republicans), according to Microsoft, which is increasingly calling out Russian cyber espionage.

In the final weeks before the November 3 election, the Russian hackers are employing new tactics, tools, and ways to disguise their role in the attacks, Microsoft vice president Tom Burt wrote on Thursday. Democratic nominee Joe Biden’s campaign was specifically targeted by the Russian hackers, according to an earlier report from Reuters, via phishing attacks against the campaign’s communications advisors, SKDKnickerbocker. None of the attacks were successful.

This particular Russian hacking group, called Strontium by Microsoft, is more widely known as Fancy Bear or APT28 and is believed to operate out of Russia’s military intelligence agency, GRU. The details of these incidents recall the sustained hacking and information warfare carried out in favor of Trump against former Democratic presidential candidate Hillary Clinton’s campaign in 2016.

Fancy Bear has long relied on spearphishing, a hacking tactic that tricks a targeted individual into giving up key passwords. This time, the group is taking a different approach with brute-force and password-spraying attacks, a shift in tactics that allows for both larger-scale attacks and greater anonymity for the attackers.

Microsoft has also spotted state-sponsored hackers in China and Iran targeting individuals involved in both Donald Trump’s and Joe Biden’s presidential campaigns. But experts say Moscow is the adversary that worries them the most, given Russia’s lengthy track record.

“Multiple cyber-espionage actors have targeted organizations associated with the upcoming election, but we remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” said John Hultquist from the cybersecurity firm FireEye. This particular Russian hacking group is responsible for some of the most provocative and aggressive cyber operations of all time. 

“APT28’s unique history raises the prospect of follow-on information operations or other devastating activity,” Hultquist explained.

The newly disclosed hacking attempts underline threats to American election security with the vote less than two months away.

On Wednesday, a new report revealed that a senior Homeland Security official said he had been ordered to stop intelligence reports about current Russian election interference because it “made the president look bad.” According to a newly published whistleblower complaint (pdf), former DHS intelligence chief Brian Murphy claimed he had been asked to stop providing reports of Russia’s activity and encouraged to focus on threats from China and Iran instead. 

The department denies the complaint, which arrives against a backdrop of controversial election security moves including the Trump administration’s decision to stop providing the full Senate with briefings on the issue.

At the same time, the US Treasury department announced new sanctions against four Russian-linked individuals for attempts to interfere in the upcoming American election. Three people are allegedly members of the Internet Research Agency, the notorious Russian group conducting malicious information operations on social media.

Deep Dive


Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

How ASML took over the chipmaking chessboard

MIT Technology Review sat down with outgoing CTO Martin van den Brink to talk about the company’s rise to dominance and the life and death of Moore’s Law.


How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

Algorithms are everywhere

Three new books warn against turning into the person the algorithm thinks you are.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.