How State‑Backed Hackers Targeted the 2020 US Election: Microsoft’s Findings

Microsoft reported that state‑backed hacker groups from Russia, Iran and other countries are targeting organizations and individuals involved in the 2020 U.S. presidential election.

Tom Burt, Microsoft’s vice‑president for customer security, said the attackers focus not only on candidates and campaign staff but also on the consulting teams behind them.

In recent weeks, the Russian‑linked espionage group Strontium (also known as Sofacy, APT28, Fancy Bear, Sednit) has compromised more than 200 entities directly or indirectly related to the election. Known for the 2016 interference, Strontium’s primary goals are credential theft, account sabotage and intelligence gathering to disrupt the vote.

The Iranian group Phosphorus (aka Rocket Kitten, Newscaster) targeted several personal accounts tied to Donald Trump’s campaign. Microsoft detected attempts in May‑June 2020 to log into accounts of Trump’s aides and U.S. officials, but achieved little success.

According to Reuters, the main consulting firm for Democratic candidate Joe Biden, SKDKnickerbocker, recently suffered attacks from Russian‑backed hackers.

Insiders say the hackers focused on the firm’s public‑affairs and political‑consulting operations in Washington, which handle media relations and strategy for Democratic campaigns.

Microsoft noted that attempts to breach individuals linked to both Trump and Biden campaigns have not succeeded.

Although the Russian‑linked actors managed to deface the firm’s website, robust security prevented network intrusion. The tactics observed included phishing and other methods designed to penetrate SKDK’s systems.

A prior public assessment by the U.S. National Counterintelligence and Security Center highlighted a “series of measures” by Russia to influence the 2020 election and mentioned Ukrainian pro‑Russian forces seeking to undermine Biden, which Russia later denied.