A man walks past the building of the headquarters of the Russian General Staff's Main Intelligence Directorate (GRU) in Moscow on Dec. 30, 2016.

The same Russian intelligence agency charged with hacking Democrats’ emails in 2016 has targeted at least three candidates running for election in 2018, a Microsoft executive said.



Speaking on a panel at the Aspen Security Forum on Thursday, Tom Burt, Microsoft's vice president for customer security and trust, said that his team had discovered a spear-phishing campaign targeting three candidates running for election in 2018. Analysts traced them to a group Microsoft has nicknamed Strontium, which is closely tracked by every major threat intelligence company and is widely accepted to be run by the GRU, Russia’s military intelligence agency.

Burt declined to name the candidates during the event, citing privacy concerns, and didn’t say which party they belonged to, but implied they were candidates of note and running for reelection.

“They were all people who, because of their positions, might have been interesting targets from an espionage standpoint, as well as an election disruption standpoint,” Burt said.

On Friday, special counsel Robert Mueller’s office announced charges against 12 GRU officers it accused of conducting a months-long campaign to hack Democrats in 2016, particularly those working to elect Hillary Clinton, and leaking what it found in an effort to hurt her candidacy. Those same hackers attacked the Democratic Congressional Campaign Committee that year, using the fictitious persona Guccifer 2.0 to release assessments of candidates in various House races.



The GRU’s tactics have rankled Western intelligence agencies, which view hacking politicians as standard spycraft, but leaking that information to be a major violation of norms. A hacker group from a second Russian intelligence agency had penetrated the DNC as early as 2015, but didn’t spread that information, and has avoided the kind of international condemnation aimed at the GRU.

GRU hackers are believed to be behind a number of global hack-and-leak operations aimed at entities adversarial to Russia, including French President Emmanuel Macron’s 2017 campaign and the World Anti-Doping Agency, whose reports led to Russia’s ban from the 2018 Olympics over its massive doping program.

In recent weeks, officials from the Department of Homeland Security have insisted that though they’re watchful of potential Russian hacking, they’ve seen no sustained campaign against election systems.

DHS has considered election equipment and voter registration databases critical infrastructure, and thus under its umbrella of protection, since the beginning of 2017. But while the tech industry has provided campaigns with some free tools, there is no such overarching body or regulation specifically protecting them. A number of Democratic campaigns told BuzzFeed News in March that they had received no cybersecurity advice in 2018.

When asked by BuzzFeed News, Microsoft also declined to address which parties it had seen targeted. A representative from the Republican National Committee didn’t immediately respond to a request for comment.

A representative from the Democratic National Committee, Xochitl Hinojosa, didn't address whether any Democrats had been targeted, but told BuzzFeed News that “We saw the Russians attack our democracy in 2016 and we know they're a threat in 2018, 2020 and beyond. Unfortunately, the President refuses to acknowledge this serious threat to our country, and House Republicans are refusing to increase funding for election security.”



