Russian state hackers are targeting Biden and Trump campaigns, MSFT warns
Fancy Bear—the Russian state hacking group that brought you the smash-and-leak attacks on the Democratic National Committee and World Anti-Doping Agency, the NotPetya worm that inflicted billions of dollars of damage worldwide, and the VPN Filter compromise of 500,000 routers—is targeting organizations involved in elections taking place in the US and UK, Microsoft has warned.
Over a two-week period last month, the group attempted attacks on more than 6,900 accounts belonging to 28 organizations, Microsoft said. Between September 2019 and last June, Fancy Bear targeted tens of thousands of accounts belonging to employees of more than 200 organizations. The hackers use two techniques—one known as “brute forcing” and the other called “password spraying”—in an attempt to obtain targets’ Office365 login credentials. So far, none of the attacks has succeeded.
Security researchers from a host of companies widely agree that Fancy Bear works on behalf of the GRU, Russia’s military intelligence agency. The GRU has been tied to more than a decade of advanced hacking campaigns, including several that have inflicted serious damage to national security. Industry members use an assortment of colorful names to refer to the group. Besides Fancy Bear, there’s also Pawn Storm, Sofacy, Sednit, and Tsar Team. Microsoft’s name for the outfit is Strontium.
Source : https://arstechnica.com/?p=1705249