Russian military hackers responsible for cyberattacks against Democratic targets during the 2016 American election are now targeting over 200 organizations in the United States (including political parties, think tanks, and consultants serving both Democrats and Republicans), according to Microsoft, which is increasingly calling out Russian cyber espionage.
In the final weeks before the November 3 election, the Russian hackers are employing new tactics, tools, and ways to disguise their role in the attacks, Microsoft vice president Tom Burt wrote on Thursday. Democratic nominee Joe Biden’s campaign was specifically targeted by the Russian hackers, according to an earlier report from Reuters, via phishing attacks against the campaign’s communications advisors, SKDKnickerbocker. None of the attacks were successful.
This particular Russian hacking group, called Strontium by Microsoft, is more widely known as Fancy Bear or APT28 and is believed to operate out of Russia’s military intelligence agency, GRU. The details of these incidents recall the sustained hacking and information warfare carried out in favor of Trump against former Democratic presidential candidate Hillary Clinton’s campaign in 2016.
Fancy Bear has long relied on spearphishing, a hacking tactic that tricks a targeted individual into giving up key passwords. This time, the group is taking a different approach with brute-force and password-spraying attacks, a shift in tactics that allows for both larger-scale attacks and greater anonymity for the attackers.
Microsoft has also spotted state-sponsored hackers in China and Iran targeting individuals involved in both Donald Trump’s and Joe Biden’s presidential campaigns. But experts say Moscow is the adversary that worries them the most, given Russia’s lengthy track record.
“Multiple cyber-espionage actors have targeted organizations associated with the upcoming election, but we remain most concerned by Russian military intelligence, who we believe poses the greatest threat to the democratic process,” said John Hultquist from the cybersecurity firm FireEye. This particular Russian hacking group is responsible for some of the most provocative and aggressive cyber operations of all time.
“APT28’s unique history raises the prospect of follow-on information operations or other devastating activity,” Hultquist explained.
The newly disclosed hacking attempts underline threats to American election security with the vote less than two months away.
On Wednesday, a new report revealed that a senior Homeland Security official said he had been ordered to stop intelligence reports about current Russian election interference because it “made the president look bad.” According to a newly published whistleblower complaint, former DHS intelligence chief Brian Murphy claimed he had been asked to stop providing reports of Russia’s activity and encouraged to focus on threats from China and Iran instead.
The department denies the complaint, which arrives against a backdrop of controversial election security moves including the Trump administration’s decision to stop providing the full Senate with briefings on the issue.
At the same time, the US Treasury department announced new sanctions against four Russian-linked individuals for attempts to interfere in the upcoming American election. Three people are allegedly members of the Internet Research Agency, the notorious Russian group conducting malicious information operations on social media.