Microsoft yesterday described evidence it’s developed that indicates extensive Russian, Chinese, and Iranian efforts to penetrate or impede US political campaigns. The Iranian group Phosphorus (Microsoft uses elemental names for threat actors; others call this one APT35 or Charming Kitten) is hitting personal accounts of people associated with President Trump’s campaign. The Chinese group Zirconium (APT31 or Hurricane Panda) is most interested in “high-profile individuals associated with the election,” including some associated with the Biden campaign and “prominent leaders in the international affairs community.” Russia’s Strontium (APT28, the GRU’s own Fancy Bear) has bipartisan interests, and has gone after more than two hundred targets. These run to campaigns, consultants, political parties, and advocacy groups. Most of the attacks, Microsoft says, were unsuccessful.
The actions Microsoft describes involve intelligence collection and battlespace preparation for influence operations. There are, however, other more direct threats to voting. Since elections depend upon the availability of voting systems and databases, Governing sees the tendency toward widespread criminal use of ransomware as a problem for election officials.
Whether the threat is ransomware or the campaigns Microsoft described in its own warning, much of it is email-borne. The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday offered advice to all “election related entities” on steps they might take to counter email-based attacks.
Data center provider Equinix was hit with Netwalker ransomware over the Labor Day weekend, BleepingComputer reports. The attackers demanded some $4.5 million in ransom in exchange for a decryptor and promises not to expose stolen information.