Reports in the summer of 2020 indicated that Russia attempted to steal COVID-19 vaccine research from facilities in the U.S., UK, and Canada. The UK’s National Cyber Security Centre issued an advisory about an ongoing hacking campaign involving phishing attacks, malware, and the exploitation of vulnerabilities in VPN services.
These attacks have been blamed on APT 29 or Cozy Bear, which has been tied to the Russian government. Previously, the group has been accused of hacking into the Democratic National Committee during the 2016 election cycle.
The advisory explains that the group has been scanning its victims’ computer networks for publicly known vulnerabilities and exploiting them. The hacks rely heavily on attacking VPN software from Citrix, Pulse, and Fortinet, in addition to phishing attacks. Once the hackers gain access to the victims’ networks, they install malware strains, including “WellMess” and “WellMail.” These infections can execute commands on a compromised computer, including the uploading and downloading of files. As a result of the advisory, authorities in the affected countries urged research companies to safeguard their networks better.
Although the Kremlin has denied any involvement in computer hacking, Russian hacking has been a hot topic in the news for several years and is only being talked about more as the 2020 U.S. election gets closer. According to Microsoft, not only Russian but also Chinese and Iranian hackers have attempted to compromise individuals and organizations involved with the 2020 U.S. presidential election.
“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election,” Microsoft said in a post about new cyberattacks targeting U.S. elections on its website.
U.S. cybersecurity officials have also acknowledged these election-related hacking attempts, although they state that there is no evidence that election systems were affected.
“It is important to highlight that none are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems,” Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, told CNN in August of 2020.
Although no impact on election systems has been recognized so far, these targeted foreign attacks against the U.S. have caused a plethora of other disturbances that carry political implications.
Russia
The Russian military intelligence hacking group “Fancy Bear” has targeted consultants working with both Republicans and Democrats, as well as national and state party groups in the U.S., and other organizations, including think tanks like the German Marshall Fund of America.
According to Sydney Simon, a spokesperson with the German Marshall Fund, “This campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe.”
China
Chinese hackers have targeted the Biden campaign through email accounts belonging to people associated with the campaign, according to Microsoft.
“The group has also targeted at least one prominent individual formerly associated with the Trump Administration,” – Microsoft.
The hackers have also targeted universities, academics, and think tanks, including the Atlantic Council. In all, Microsoft says that it has “detected thousands of attacks from (Hacking Group) Zirconium between March 2020 and September 2020 resulting in nearly 150 compromises.”
Iran
Microsoft states that the Iranian hacking group “Phosphorus” unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President campaign staff between May and June of 2020.
With hacking attempts and the subsequent investigations relating to the November 2020 election set to continue, we may not learn the extent to which the results may have been compromised until early in 2021.