Russian hackers say they targeted the California and Indiana Democratic parties
The group of Russian hackers accused of meddling in the 2016 U.S. presidential election earlier this year targeted the email accounts of state Democratic parties in California and Indiana, and influential think tanks in Washington and New York. York, according to people with knowledge of the matter.
The intrusion attempts, many of which were internally flagged by Microsoft during the summer, they were performed by a group often nicknamed “Fancy Bear.” The hacker activity provides insight into how Russian intelligence is targeting the United States in the run-up to the November 3 elections.
The targets identified by Reuters, which include the Center for American Progress, the Council on Foreign Relations and the Washington-based Carnegie Endowment for International Peace, said they had seen no evidence of successful hacking attempts.
Fancy Bear is controlled by Russia’s military intelligence agency and was responsible for hacking into the email accounts of Hillary Clinton’s staff in the run-up to the 2016 election, according to a Justice Department indictment filed in 2018.
The news of hacking activity in Russia follows Microsoft’s announcement last month that Fancy Bear had tried to hack more than 200 organizations, many of which, according to the software company, were linked to the 2020 elections. Microsoft was able linking this year’s cyber espionage campaign to Russian hackers via an apparent programming error that allowed the company to identify an attack pattern unique to Fancy Bear, according to a Microsoft assessment reviewed by Reuters.
Microsoft declined to comment on the Reuters findings, citing customer privacy. But Tom Burt, corporate vice president of security and customer trust, said in a statement that the company and the US government “have been working hard to keep this choice safe and secure.”
Reuters was unable to determine the momentum of the espionage operations. The Office of the Director of National Intelligence said in August that Russian operations were attempting to undermine the campaign of presidential candidate Joe Biden.
Democratic National Committee spokesman Chris Meagher said “it was no surprise” that foreign actors were trying to interfere in the elections.
The Russian embassy in Washington said it does not interfere in the internal affairs of the United States and denied any link to “Fancy Bear”, calling the accusation “fake news.”
The Trump campaign did not return messages.
Over the summer, a Microsoft cybersecurity unit and federal law enforcement agents notified many of Fancy Bear’s targets, according to six people with knowledge of the matter. Reuters last month identified SKDKnickerbocker, a lobbying firm allied with Biden, as one of them.
The attack on Democrats in Indiana and California, confirmed by four people familiar with the matter, suggests that the Russians are “expanding their network,” said Don Smith of cybersecurity firm Secureworks.
The Indiana Democratic Party said in a statement that it was “not aware of any successful intrusion.” California Democratic Party Chairman Rusty Hicks acknowledged being a target but stopped short of naming Fancy Bear, saying in an email that “the foreign entity’s effort was unsuccessful.”
The FBI declined to comment.
Attacks on influential nonprofits
Fancy Bear also took aim at the think tanks and foreign policy organizations that dominate Washington and that, in the past, have staffed presidential administrations.
Among them was the Center for American Progress (CAP), a left-leaning group whose founder, John Podesta, was at the center of the 2016 Russian hit-and-run operation, according to a person with direct knowledge of the incident.
A CAP spokesperson said the organization had not been raped and declined to comment further. The Open Society Foundations, one of the first organizations to see its correspondence leaked to the public by Fancy Bear in 2016, was again attacked by the Kremlin earlier this year, according to two people briefed on the matter. The group’s founder, George Soros, has provided substantial funding to pro-democracy causes and is a regular target of Russian disinformation, as well as domestic conspiracy theories.
In a statement, the Open Society said that “obviously tensions are extremely high heading into this election and we are taking many steps to ensure the safety of our staff.”
Other Fancy Bear targets in 2020 were the New York-based Council on Foreign Relations (CFR), the Washington-based Carnegie Endowment, and the Center for Strategic and International Studies (CSIS), all of which were notified by Microsoft, according to people familiar with the respective organizations.
A CSIS spokesperson declined to comment on the hacking activity. A Carnegie spokeswoman confirmed the target, but declined to provide further details. A spokeswoman for the Council on Foreign Relations said they had not been raped.