With the U.S. presidential elections just around the corner, there is increased pressure on tech companies to prevent interference from malicious groups. Facebook has some strict regulations in place for advertisements during the elections and is labeling state-controlled media outlets as well as blocking ads from them. Meanwhile, the Biden campaign has banned TikTok from employee mobile devices.
Now, Microsoft has reported that it has noted increased activity from foreign hacker groups targeting U.S. elections.
In a blog post, the company has stated that in the past few weeks, there have been increased cyberattacks on parties involved in both the Trump and Biden campaigns. These attacks primarily come from three groups: Strontium, Zirconium, and Phosphorus.
Strontium is a Russian group which has affected over 200 organizations between September 2019 and today. These include U.S.-based consultants aiding Republicans and Democrats, and national and state party organizations in the country, among others. Strontium's modus operandi includes harvesting login credentials to compromise accounts.
Meanwhile, Zirconium is a Chinese group which has launched thousands of attacks in the past few months, with almost 150 compromises. Microsoft reports that Zirconium has taken a two-pronged approach in its cybercrimes. One prong targets people directly associated with presidential campaigns: the Biden campaign has been a primary target, along with at least one individual previously involved in the Trump administration. The second prong targets influential people involved in international affairs. Zirconium used "web beacons" to determine whether targeted users have a valid online presence, information it uses for reconnaissance activities.
Lastly, Phosphorus is a group from Iran against which Microsoft took action last year as well. With help from courts, the tech giant is actively working to take control of web domains being used by this group. It has also noted that there have been multiple unsuccessful attempts from Phosphorus to log in to accounts of the Trump presidential staff.
Despite increased activity from these hacking groups, Microsoft states that it has thwarted most attempts targeting U.S. elections and actively informed those who were targeted as well. The company says:
"We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes. It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities. We report on nation-state activity to our customers and more broadly when material to the public, regardless of the actor’s nation-state affiliation. We are taking extra steps to protect customers involved in elections, government and policymaking. We’ll continue to disclose additional significant activity in our efforts to defend democracy."
Moving forward, Microsoft has emphasized that Congress needs to go ahead with increased funding to protect the election process. It has also highlighted several free and low-cost tools, such as Microsoft 365 for Campaigns and AccountGuard, to secure election campaigns.