Microsoft detects new cyberattacks targeting 2020 election

China, Russia & Iran seek access to accounts of Trump and Biden campaign officials

Microsoft has detected new cyberattacks from Russia, China and Iran looking to target people and organizations both indirectly and directly involved in the upcoming 2020 election ahead of November.

"The majority of these attacks were detected and stopped by security tools built into our products," Microsoft Corporate Vice President of Customer Security and Trust, Tom Burt, said in a statement. "We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support."

The tech giant found that Russian hacking group Strontium has attacked more than 200 organizations since September 2019 that are indirectly or directly affiliated with the upcoming U.S. election, as well as political and policy-related organizations in Europe, including:

  • U.S.-based consultants serving Republicans and Democrats;
  • Think tanks such as The German Marshall Fund of the United States and advocacy organizations;
  • National and state political party organizations

According to Microsoft, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations. The hacking group was previously identified in the Mueller Report as the organization primarily responsible for the attacks on the Democratic presidential campaign in 2016.


Microsoft also discovered thousands of attacks from Chinese hacking group Zirconium from March 2020 into September that have resulted in nearly 150 compromises. The company said that Zirconium has indirectly and unsuccessfully targeted the Biden campaign through non-campaign email accounts belonging to people affiliated with the campaign.

"We are aware of reports from Microsoft that a foreign actor has made unsuccessful attempts to access the non-campaign email accounts of individuals affiliated with the campaign," Deputy National Press Secretary for the Biden campaign Matt Hill told FOX Business in a statement. "We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them. Biden for President takes cybersecurity seriously, we will remain vigilant against these threats, and will ensure that the campaign's assets are secured."

The group has also targeted at least one prominent individual formerly associated with the Trump Administration.

Individuals in the international affairs community were also targeted. The targeted accounts range from academics at more than 15 universities to accounts tied to 18 international affairs and policy organizations, including the Atlantic Council and the Stimson Center.

According to Microsoft, Zirconium uses what are referred to as web bugs: a URL sent to an account in an email, a text, or an attachment, which allows the group to perform reconnaissance to determine whether the account is valid.


In addition, Microsoft said Iranian hacking group Phosphorus unsuccessfully attempted to log into personal and work accounts of administration officials and Donald J. Trump for President campaign staff between May and June 2020.

"As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff," Deputy National Press Secretary for the Trump campaign Thea McDonald told FOX Business in a statement. "We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts."

Microsoft has previously taken legal action against Phosphorus’ infrastructure and its efforts late last year to target a U.S. presidential campaign. Last month, Microsoft was given permission by a federal court in Washington, D.C. to take control of 25 new internet domains used by Phosphorus. To date, Microsoft has taken control of 155 Phosphorus domains.


Microsoft added that additional federal funding is needed in the U.S. so states can better protect their election infrastructure.

"We continue to encourage state and local election authorities in the U.S. to harden their operations and prepare for potential attacks. But as election security experts have noted, additional funding is still needed, especially as resources are stretched to accommodate the shift in COVID-19-related voting," Microsoft said. "We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy."

The new warning from Microsoft comes following a report issued by the Office of the Director of National Intelligence last month.