Microsoft said it was “clear that foreign activity groups have stepped up their efforts” targeting the election.
Both President Donald Trump and Democrat Joe Biden’s campaigns are in the cyber-raiders’ sights.
Russian hackers from the Strontium group have targeted more than 200 organisations, many of which are linked to US political parties – both Republicans and Democrats, Microsoft said in a statement.
The same cyber-attackers also targeted British political parties, said Microsoft, without specifying which ones.
Strontium is also known as Fancy Bear, a cyber-attack unit allegedly affiliated with Russian military intelligence, the GRU.
What else did Microsoft say?
“Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations,” said Tom Burt, a Microsoft vice-president in charge of customer security and trust.
The firm said Chinese hackers had launched attacks targeting individuals connected to Mr. Biden’s campaign, while Iranian hackers had continued efforts targeting people associated with the Trump campaign.
Most of the cyber-attacks had not been successful, according to Microsoft. The attacks have also not been launched on groups that handle the voting systems themselves.
“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues,” Mr. Burt said.
“These activities highlight the need for people and organisations involved in the political process to take advantage of free and low-cost security tools to protect themselves as we get closer to election day.”
Microsoft reported that Chinese groups had launched attacks on the personal email accounts of people affiliated with the Biden campaign, as well as “at least one prominent individual formerly associated with the Trump Administration”.
“Prominent individuals” in the international affairs community, academic institutions, and policy organisations were also said to have been targeted by the Chinese hacking group, known as Zirconium.
The Iranian group known as Phosphorus has unsuccessfully sought to access accounts of White House officials and Mr. Trump’s campaign staff between May and June of this year.
Microsoft was unable to determine the aims of the Russian, Chinese and Iranian hackers. Google said back in June that it had detected similar cyber-hack attempts by China and Iran.
Trump campaign deputynational press secretary Thea McDonald said: “We are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff.”
A Biden campaign official said: “We have known from the beginning of our campaign that we would be subject to such attacks and we are prepared for them.”
The report comes a day after a whistleblower at the US Department of Homeland Security alleged he was put under pressure to downplay the threat of Russian interference in the US as it “made the president look bad”.
In 2016, Russia’s attempts to influence the election quickly became politicised and labelled a hoax by some of the president’s supporters. Microsoft’s findings highlight the fact that election interference is a bipartisan issue, with both Republicans and Democrats at risk.
Going into 2020’s consequential vote, it is not just intelligence agencies, but also the private sector that is concerned and taking action to prevent threats to the democratic process.
But they can only do so much without government action. Tom Burt made a point in his post to encourage Congress to pass additional state funding to protect election infrastructure.
He then went further, encouraging countries to ensure peace and security in cyberspace through global initiatives, including one underway at the United Nations.