UPDATED 22:29 EST / SEPTEMBER 10 2020

SECURITY

Microsoft: Hackers from Russia, China and Iran are targeting Trump and Biden campaigns

Election hacking is back in the news: Microsoft Corp. today warned that state-sponsored hacking groups are targeting both the Trump and the Biden U.S. presidential campaigns.

The advisory from Microsoft points the finger at three countries — Russia, China and Iran — as being behind attacks, said to be targeting “people and organizations involved in the upcoming presidential election.”

According to Microsoft, the Russian election interference campaign is being led by a hacking group called Strontium. It has attacked more than 200 organizations, including political campaigns, advocacy groups, parties and political consultants.

The same hacking group was targeted by Microsoft in July 2017 with legal action. Strontium is also more commonly known in security circles as Fancy Bear. Both the U.S. National Security Agency and the Federal Bureau of Investigation issued a joint warning about the group distributing a new form of malware Aug. 13.

The alleged interference campaign out of mainland China has been linked to a hacking group dubbed Zirconium. Microsoft claims the Zirconium campaign has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community. Zirconium is also known as APT 31. Google LLC warned in June that the hacking group was targeting both the Trump and the Biden campaigns.

Rounding out the allegations, Iran is also said to be interfering with the presidential campaigns through a group called Phosphorus. The alleged Iranian group is said to be specifically targeting personal accounts of people linked to the Trump campaign. Although activity across all three groups appears to be rising ahead of the election, none of this is actually new: Microsoft first warned of Phosphorus targeting the Trump campaign in October last year.

“The majority of these attacks were detected and stopped by security tools built into our products,” wrote Tom Burt, corporate vice president for customer security and trust at Microsoft. “We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support.”

Brandon Hoffman, chief information security officer at IT service management company Netenrich Inc., told SiliconANGLE that it’s not surprising to see this uptick in activity.

“Reports about these attacks that highlight the techniques paint a different picture from last [campaign] season,” he said. “The initial techniques used in the previous attacks were more focused on the people, arguably the lowest barrier to entry. In the current cadre of attempts, it seems the attackers are targeting the technology more directly.”

Hoffman said the most interesting thing about the attack techniques used so far is how closely they resemble the most popular techniques used by cybercriminals. “Perhaps this serves to strengthen the notion that in many geographies there is a very thin line between nation-state and cybercrime, if there is a line at all,” he said.

Roger Grimes, data-driven defense evangelist at security awareness training firm KnowBe4 Inc., noted that this is also a good example of how sophisticated and proactive companies are today.

“Microsoft and other vendors, like Google, have been doing this for many years,” he said. “A decade ago, this would have been something solely in the realm of a three-letter agency that noticed, likely accidentally while investigating some other victim, and got involved in. Today, it’s independent vendors who have the tools and telemetry to proactively warn their customers, big and small.”

Photo: Andrea Widburg/Flickr
