The Same Russians Who Hacked Clinton Are Targeting Biden

Uploaded on 2020-10-12 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Microsoft says that the same group of cyber criminals from Russia that attempted to interfere in the 2016 US election are trying to break into email accounts belonging to staff members from across the political spectrum.

Other hackers from China and Iran are also attempting to spy on the presidential campaigns of Donald Trump and Joe Biden, according to Microsoft. 

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that foreign groups and other malicious actors online are spreading disinformation around potential cyber attacks on US election infrastructure.  “During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote 

Officials with the Department of Homeland Security and US intelligence have been saying for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest. This would be similar to the last presidential race, when they leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump.  Then the agencies warned that US voter information is widely available through other avenues than illegal hacking, and that access to voter information had not impacted election results. 

Hackers targeted staff at Washington DC firm SKDKnickerbocker, a campaign strategy and communications firm working with Biden. ​Microsoft identified the suspected hacking group as the same set of spies blamed by the US government for breaking into the campaign of Democratic former presidential candidate Hillary Clinton and leaking the emails of her staff, two of the sources said. 

The group, which many researchers refer to as “Fancy Bear,” is controlled by the Russia’s military intelligence agency, according to reports from the US intelligence community released after the 2016 election. A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. “They are well-defended, so there has been no breach,” the person said.

US intelligence agencies have raised alarms about possible efforts by foreign governments to interfere in the November presidential election.

Investigations by former special counsel Robert Mueller and the Senate intelligence committee both concluded that affiliates of the Russian government interfered in the 2016 presidential election to try to help Republican Donald Trump get elected. Mueller has warned that Russia was meddling in the current campaign. The Biden campaign said it was aware Microsoft said

One of the sources familiar with the incident told the Washington Post  that it was not clear whether Biden’s campaign was the target or whether the hackers were attempting to gain access to information about other SKDK clients. 

The attempts to infiltrate SKDK were recently flagged to the campaign firm by Microsoft, which identified hackers tied to the Russian government as the likely culprits, according to the three sources briefed on the matter. The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network, the three sources said.

Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

The company, which has extraordinary visibility on digital threats via its widely used Windows operating system and cloud services has taken an increasingly active role in calling out state-backed cyber espionage. In 2018, the company launched its Defending Democracy initiative, aimed in part at safeguarding campaigns from hackers.

It is thought that Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff  and that  China, has tried to hack staff for former vice president Joe Biden, Democratic presidential candidate.

These nation state-backed hacking campaigns are likely to be the just the beginning of a general election campaign that will be ripe for disruption by US adversaries.  The kinds of disinformation campaigns being pushed heavily by bots take a variety of forms, including false information about voting logistics like date, place, or fake voting requirements.

Reuters:       Washington Post:       NPR:      Sky:     The Hill:         TechRepublic

You Might Also Read:

US Electoral Infrastructure Is Wide Open To Hackers:

 

« Cambridge Analytica Did Not Influence The Brexit Referendum
Struggling With The Cyber Security Skills Shortage »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

EU Joint Research Centre

EU Joint Research Centre

JRC is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

Protect AI

Protect AI

Protect AI is a cybersecurity company focused on AI & ML systems. Through innovative security products and thought leadership in MLSecOps, we help our customers build a safer AI powered world.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.

Cyberoo

Cyberoo

We are Cyberoo, a European company specialized in Cybersecurity. We monitor your data security, leaving you free to focus on your business.