By Raphael Satter
election – Hackers linked to Russia, China, and Iran are trying to spy on people tied to both U.S. President Donald Trump and Democratic challenger Joe Biden, Microsoft Corp said on Thursday.
The report came as Reuters revealed one of Biden’s main campaign advisory firms had been warned by the software giant that it was in the crosshairs of the same Russian hackers who intervened in the 2016 U.S. election.
The Microsoft statement highlights how advisers to both presidential campaigns are at risk from digital spies around the globe, as the two candidates face off on Nov. 3 in one of the most consequential U.S. presidential elections in decades.
The announcement by Microsoft’s vice president for customer security, Tom Burt, said the group accused of breaching Hillary Clinton’s campaign emails in 2016 – a Russian military intelligence-linked unit widely known as Fancy Bear – had spent the past year trying to break into accounts belonging to political consultants serving both Republicans and Democrats as well as advocacy organizations and think tanks.
Burt also said Chinese hackers had gone after people “closely associated with U.S. presidential campaigns and candidates” – including an unnamed Biden ally who was targeted through a personal email address and “at least one prominent individual formerly associated with the Trump Administration.”
He added that Iranian hackers – which Microsoft has already called out publicly for attempts to spy on a U.S. political campaign that Reuters identified as being Trump’s – had since tried to log into accounts belonging to Trump administration officials and members of the Republican president’s campaign staff.
Microsoft’s announcement was planned before Reuters broke the news that Fancy Bear was suspected of targeting Washington-based SKDKnickerbocker, a campaign strategy and communications firm working with Biden and other prominent Democrats.
Burt did not name any of the political consultants involved and Microsoft declined to comment on whether SKDK was among the consultants it had identified as targets.
SKDK has declined comment.
Burt said the Chinese effort to compromise the Biden ally and the Iranian spying against the Trump campaign were unsuccessful, but his blog post provided no detail on the hacking campaign attributed to Russia or the effort to compromise the well-known former Trump associate.
Speaking generally, he said that foreign hacking was intensifying as the vote drew nearer.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Burt said.
The Department of Homeland Security’s top cyber official, Christopher Krebs, said Microsoft’s warning was consistent with earlier statements issued by the intelligence community about Russian, Chinese, and Iranian spying on election-related targets.
“It is important to highlight that none are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems,” Krebs said.
The Biden and Trump campaigns both said they were aware of the targeting and weren’t surprised by it.
Russian Embassy Press Secretary Nikolay Lakhonin pushed back on the allegations, saying Americans had been discussing “so-called ‘interference'” for years without presenting what he described as “factual evidence.” Alireza Miryousefi, spokesman for Iran’s U.N. mission in New York, said it was “preposterous to even think that Iran would conduct hacking.”
China’s foreign affairs ministry spokesman Zhao Lijian said that China has no interest in the U.S. election and has never interfered in it.
The U.S. was an “empire of hackers,” he said, at a daily news briefing in Beijing on Friday.
State-backed hackers going after politicians in an election year is not unusual.
“Parties and campaigns are good sources of intelligence on future policy,” said John Hultquist, an analyst at cybersecurity company FireEye’s Mandiant unit.
But he said he was particularly concerned by the news that Fancy Bear was active, saying the group history of leaking data it hacked “raises the prospect of follow-on information operations or other devastating activity.”
(Reporting by Raphael Satter; additional reporting by Joseph Menn in San Francisco and Michelle Nichols in New York; Editing by Alistair Bell, Tom Brown, Lincoln Feast and Jane Wardell)