A Russian military hacking group that was caught meddling in the 2016 presidential race has shifted tactics ahead of the November election, Microsoft said Thursday. Hackers in China and Iran have also stepped up efforts to obtain password information for people involved in the campaigns of President Trump and former Vice President Joe Biden, the computer giant said.
The Russian group, which Microsoft calls Strontium but which is also known by names including “Fancy Bear” and APT28, “launched credential harvesting attacks against tens of thousands of accounts at more than 200 organizations” between September 2019 and June 2020, according to a blog post by the Microsoft Threat Intelligence Center.
More recently, the hackers “targeted 6,912 accounts belonging to 28 organizations” just between August 19 and Sept. 3, the MSTIC said. Those organizations, located in both the US and the UK, are “directly involved in political elections” and the hackers appear to be laying the groundwork for “future surveillance or intrusion operations,” the MSTIC said. “None of these accounts were successfully compromised,” it added.
Fancy Bear has been implicated in Russia’s meddling in the 2016 election, with 12 military intelligence officers indicted for allegedly hacking the emails of the Democratic National Committee and Hillary Clinton. But unlike in 2016, when the Russian hackers “relied heavily upon spear phishing,” which uses fraudulent emails to obtain confidential information, the recent attacks involve “a different approach, namely, brute-force/password-spray tooling,” according to Microsoft.