Hackers from Russia, China and Iran targeting Biden and Trump, Microsoft says

The software giant’s report highlights how both US presidential campaigns are at risk from digital spies

Hackers linked to Russia, China, and Iran are trying to spy on people tied to both US president Donald Trump and Democratic challenger Joe Biden, Microsoft Corp said on Thursday.

The report came after one of Mr Biden’s main campaign advisory firms had been warned by the software giant that it was in the crosshairs of the same Russian hackers who intervened in the 2016 US election.

The Microsoft statement highlights how advisers to both presidential campaigns are at risk from digital spies around the globe, as the two candidates face off on November 3rd in one of the most consequential US presidential elections in decades.

The announcement by Microsoft's vice president for customer security, Tom Burt, said the group accused of breaching Hillary Clinton's campaign emails in 2016 – a Russian military intelligence linked unit widely known as Fancy Bear – had spent the past year trying to break into accounts belonging to political consultants serving both Republicans and Democrats as well as advocacy organisations and think tanks.


Mr Burt also said Chinese hackers had gone after people "closely associated with US presidential campaigns and candidates" – including an unnamed Mr Biden ally who was targeted through a personal email address and "at least one prominent individual formerly associated with the Trump Administration. "

He added that Iranian hackers – which Microsoft has already called out publicly for attempts to spy on a US political campaign that Reuters identified as being Trump’s – had since tried to log into accounts belonging to Trump administration officials and members of the Republican president’s campaign staff.

Microsoft’s announcement was planned before Reuters broke the news that Fancy Bear was suspected of targeting Washington-based SKDKnickerbocker, a campaign strategy and communications firm working with Biden and other prominent Democrats.

Mr Burt did not name any of the political consultants involved and Microsoft declined to comment on whether SKDK was among the consultants it had identified as targets.

SKDK has declined comment.

Mr Burt said the Chinese effort to compromise the Biden ally and the Iranian spying against the Trump campaign were unsuccessful, but his blog post provided no detail on the hacking campaign attributed to Russia or the effort to compromise the well-known former Trump associate.

Speaking generally, he said that foreign hacking was intensifying as the vote drew nearer.

“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Mr Burt said.

The Department of Homeland Security's top cyber official, Christopher Krebs, said Microsoft's warning was consistent with earlier statements issued by the intelligence community about Russian, Chinese, and Iranian spying on election-related targets.

“It is important to highlight that none are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems,” Mr Krebs said.

The Biden and Trump campaigns both said they were aware of the targeting and weren’t surprised by it.

Russian Embassy press secretary Nikolay Lakhonin pushed back on the allegations, saying Americans had been discussing "so-called 'interference'" for years without presenting what he described as "factual evidence." Alireza Miryousefi, spokesman for Iran's UN mission in New York, said it was "preposterous to even think that Iran would conduct hacking."

The Chinese Embassy in Washington did not immediately return messages. Beijing has previously denied allegations of cyber espionage.

State-backed hackers going after politicians in an election year is not unusual.

"Parties and campaigns are good sources of intelligence on future policy," said John Hultquist, an analyst at cybersecurity company FireEye's Mandiant unit.

But he said he was particularly concerned by the news that Fancy Bear was active, saying the group history of leaking data it hacked “raises the prospect of follow-on information operations or other devastating activity.” –Reuters