The Russian military intelligence hackers known as Fancy Bear or APT28 wreaked havoc on the 2016 election, breaking into the Democratic National Committee and Hillary Clinton’s campaign to publicly leak their secrets. Ever since, the cybersecurity community has been waiting for the day they would return to sow more chaos. Just in time for the 2020 election, that day has come. According to Microsoft, Fancy Bear has been ramping up its election-targeted attacks for the past full year.
On Thursday, Microsoft published a blog post revealing that it has seen Russia’s Fancy Bear hackers, which Microsoft calls Strontium, targeting more than 200 organizations since September 2019. The targets include many election-adjacent organizations, according to researchers at Microsoft’s Threat Intelligence Center, including political campaigns, advocacy groups, think tanks, political parties, and political consultants serving both Republicans and Democrats. Microsoft named the German Marshall Fund of the United States and the European People’s Party as two of the hackers’ targets. The company otherwise declined to publicly name victims or say how many of the attempted intrusions had been successful, though it said that its security measures had prevented the majority of attacks.