Cyberattacks Targeting US Elections, Warns Microsoft

A new report from Microsoft identifies several foreign hacking groups attempting to disrupt the upcoming US election.

With the US elections closing in fast, there has been a lot of debate about the robustness of mail-in ballots. But, according to a new report from Microsoft, it’s outside influences which could prove the most disruptive.

The company claims to have stopped numerous attempts to subvert the voting process already, and has identified three countries — Russia, China and Iran — as the main originators of these attacks.

The attacks have been directed at staff on both the Trump and Biden campaigns.

Who is Orchestrating the Attacks?

According to the report from Microsoft, the attacks have mainly come from three well-known hacking organizations, based in Russia, China and Iran:

Strontium – This Russian-based group has been active for some time, and was identified in the Mueller report as being responsible for the attacks on the Democratic campaign in 2016. Recently, its efforts have centered on harvesting log-in data or compromising accounts, with the group attacking more than 200 organizations so far, many of them directly involved in the upcoming US election. As identified by Microsoft, it has also made several attempts to infiltrate the European People’s Party, UK political parties, and think tanks, such as The German Marshall Fund of the United States.

The report states that although Strontium was known to be involved in the 2016 hacks, its methods have grown exponentially since then, with more sophisticated attempts made this year, including running its attacks through more than 1,000 rotating IP addresses to avoid detection.

Microsoft has published advice separately on the threat from Strontium.

Zirconium – Microsoft has identified thousands of attacks from this China-based group between March and September of this year, with nearly 150 compromises pinpointed. Zirconium has primarily been targeting two separate audiences. The first group under fire is those closely linked to the US presidential campaign and its candidates. It unsuccessfully targeted the Biden campaign via associated email accounts, as well as at least one prominent person who has previously been involved with the Trump campaign.

In addition, it has been going after high-profile figures in international affairs and academic fields, targeting more than 15 universities and 18 international policy organizations.

Phosphorus – Lastly, this group originates from Iran, and has been on Microsoft’s radar for several years. It has traditionally attempted to infiltrate organizations with links to geopolitical, economic or human rights interests in the Middle East. In August, Microsoft was given permission by a federal court to take control of 25 domains that were being used by the group. To date, Microsoft has taken control of 155 domains belonging to the group.

Phosphorus has been attempting to access both personal and business accounts of individuals linked to the Trump presidential campaign.

Foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated – Microsoft statement

What Action has Microsoft Taken?

While the average American might be shocked to learn of these attempts to disrupt democracy by foreign agents, Microsoft has been aware of their activity for some time, with tracking dating back to the previous election, and beyond. Active monitoring and alerting the relevant parties has been key for the company, as well as steps to quell their reach, as seen in the example of taking over domains from Phosphorus.

Microsoft credits its tech with identifying and stopping the majority of these attacks, but has also warned that infiltration attempts have become increasingly sophisticated.

The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves. – Microsoft statement

The company produces a number of products specifically aimed at protecting those that run campaigns, including Microsoft 365 for Campaigns. It also offers Election Security Advisors, who will assess an organization’s systems and identify potential flaws, as well as help find and shut down existing breaches.

While Microsoft has been actively stopping the majority of hacking attempts, its recent statement shows some real concern for the future of elections, as foreign actors employ more and more robust methods. The company believes that the key to success may well be more funding in this area, to ensure the sanctity of democracy for future generations.

We also believe more federal funding is needed in the U.S. so states can better protect their election infrastructure. While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem. – Microsoft statement.


Written by:
Jack is the Deputy Editor for He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.