A Russian military hacking group that was caught meddling in the 2016 presidential race has shifted tactics ahead of the November election, Microsoft said Thursday.
Hackers in China and Iran have also stepped up efforts to obtain password information for people involved in the campaigns of President Trump and former Vice President Joe Biden, the computer giant said.
The Russian group — which Microsoft calls Strontium, but which is also known by names including “Fancy Bear” and APT28 — “launched credential harvesting attacks against tens of thousands of accounts at more than 200 organizations” between September 2019 and June 2020, according to a blog post by the Microsoft Threat Intelligence Center.
More recently, the hackers “targeted 6,912 accounts belonging to 28 organizations” just between August 19 and Sept. 3, the MSTIC said.
Those organizations, located in both the US and the UK, are “directly involved in political elections” and the hackers appear to be laying the groundwork for “future surveillance or intrusion operations,” the MSTIC said.
“None of these accounts were successfully compromised,” it added.
Fancy Bear has been implicated in Russia’s meddling in the 2016 election, with 12 military intelligence officers indicted for allegedly hacking the emails of the Democratic National Committee and Hillary Clinton.
But unlike in 2016, when the Russian hackers “relied heavily upon spear phishing” — which uses fraudulent emails to obtain confidential information — the recent attacks involve “a different approach, namely, brute-force/password-spray tooling,” according to Microsoft.
“This shift in tactics, also made by several other nation-state actors, allows them to execute large-scale credential harvesting operations in a more anonymized manner,” the MSTIC said.
In a related blog post, Microsoft exec Tom Burt said that another group of hackers from China, called Zirconium, “has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community.”
A third group, called Phosphorus and operating from Iran, has also “continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign,” Burt said.
“The majority of these attacks were detected and stopped by security tools built into our products,” he said.
“We have directly notified those who were targeted or compromised so they can take action to protect themselves.”