How secure is your vote from threat actors? Can you securely cast a secret ballot amid the epidemic? Indeed, a lot of genuine concerns surround the impending presidential election in the United States. In this article on the Microsoft blog, Tom Burt shares his observations about the emergence of a new wave of cyberattacks. The attackers have a remarkable opportunity to capitalize on the poll momentum.
Cyber attackers use themes and trending events to conduct malicious attacks. A few weeks back, Microsoft uncovered attacks aimed at enterprises contributing to the imminent presidential election. Unsuccessful strikes against the teams of President Donald Trump and Democratic candidate Joe Biden made headlines. The threat actors have upped their game to dent the election.
Attacks Under the Spotlight
According to recent observations, these cyber attackers are actively taking their chances to affect the presidential election:
- Strontium, an infamous Russian group, has actively intruded into over 200 organizations that are directly or indirectly involved in the ongoing political movements. The group was also responsible for the 2016 attacks on the Democratic party’s presidential campaigns. Microsoft’s Threat Intelligence Center (MSTIC) has exposed a string of malicious activities conducted by Strontium over the past year. The group’s campaign aims to obtain login credentials and disrupt operations. They have also recently attacked the entertainment, hospitality, manufacturing, financial services, and physical security industries. Since the 2016 election, the group has evolved its actions and ploys, using advanced tools and emerging techniques to carry out its activities. Brute force attacks and password spray are the two most commonly used tactics observed in their recent operations.
- Zirconium, another well-known group, from China, has made thousands of attacks since March 2020. They are aiming to breach organizations associated with the elections. So far, their efforts have resulted in nearly 150 attacks. Using web bugs in a legitimate domain, Zirconium emails a seemingly harmless URL, either in the email body or as an attachment, to unsuspecting users. They encourage the target users to open and enable the bug. They primarily focus on two categories:
  - Organizations directly associated with the U.S. presidential campaigns and candidates.
  - Prominent public figures working in the international affairs sectors and universities.
- Phosphorus is an Iranian group of hackers that can breach and keep track of many organizations customarily associated with geopolitical, economic, or human rights activities. Microsoft has initiated legal action against the group and obtained a federal court’s permission to take control of 25 Phosphorus domains. The company now has control of 155 Phosphorus domains. Nonetheless, the Iranian cyber attackers have tried to retrieve personal or work data of people involved in the U.S. presidential election.
Click on the following link to read the original article: https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/