SAN FRANCISCO — The 2020 presidential election is still 13 months away, but already Iranians are following in the footsteps of Russia and have begun cyberattacks aimed at disrupting the campaigns.
Microsoft said on Friday that Iranian hackers, with apparent backing from the government, had made more than 2,700 attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign.
Though the company would not identify the presidential campaign involved, two people with knowledge of the hacking, who were not allowed to discuss it publicly, said it was President Trump’s.
In addition to Iran, hackers from Russia and North Korea have started targeting organizations that work closely with presidential candidates, according to security researchers and intelligence officials.
“We’ve already seen attacks on several campaigns and believe the volume and intensity of these attacks will only increase as the election cycle advances toward Election Day,” said Oren Falkowitz, the chief executive of the cybersecurity company Area 1, in an interview.
Microsoft’s report is the latest indication that cyberattacks and influence campaigns against political candidates are likely to accelerate heading into 2020. In 2016, Russian hackers infiltrated the computer networks of Democrats and Republicans, then selectively disseminated Democrats’ emails, including those of John D. Podesta, Hillary Clinton’s campaign chairman, in an effort to harm Mrs. Clinton’s campaign.
Microsoft said the attacks occurred over a 30-day period in August and September. That was roughly after the Trump administration announced additional sanctions against Iran, more than a year following the president’s withdrawal from the 2015 nuclear deal with Tehran. Iranian officials concede that the sanctions, intended to choke off the country’s oil revenue, have plunged the economy into a recession.
More recently, the administration has considered a cyberstrike to punish Tehran for what officials charge was an Iranian attack on Saudi oil facilities last month. It is all part of a low-level, daily cyberconflict between the two countries.
Iranian hackers have been engaged in a broad campaign against United States targets, according to Microsoft. The company found that hackers had tried to attack 241 accounts, using fairly unsophisticated means. The hackers appeared to have used information available about their victims online to discover their passwords. It was unclear what information they had stolen.
While the Microsoft report did not name Iran’s targets, it found evidence that hackers had infiltrated email inboxes in at least four cases. But the four successful hacks did not belong to a presidential campaign.
Tim Murtaugh, the Trump campaign’s communications director, said in a statement that “we have no indication that any of our campaign infrastructure was targeted.” Representatives for other presidential candidates said on Friday that their campaigns had not been targeted.
For weeks, officials from the F.B.I., the Department of Homeland Security and the National Security Agency have said they are particularly concerned about Iranian-backed attacks. Their worries stemmed from rising tensions over new sanctions on Iran and nascent Iranian activity in the 2018 midterm elections.
While the officials said they believed that all the presidential campaigns were likely targets, Mr. Trump’s has long been considered a prime one.
It was Mr. Trump who abandoned the nuclear deal and ramped up sanctions. The United States has also designated the Islamic Revolutionary Guard Corps a terrorist group. The guard corps oversees the nuclear program and, by some accounts, Iran’s best hacking group, its Cyber Corps.
But it is not clear whether the group that Microsoft identified reports to the Cyber Corps or is made up, deliberately, of freelancers and others whose affiliations are harder to trace.
When Iranian officials are asked about cyberattacks, they admit nothing but note that attacks have been two-way. Three times in the past decade, the United States has directed cyberweapons against Iranian targets. The most famous attack, code-named Olympic Games, wiped out about 1,000 centrifuges at the Natanz nuclear enrichment site.
In recent weeks, United States Cyber Command was asked to develop options for retaliating against the missile and drone attacks on Saudi Arabia’s oil fields. Officials reported that a cyberstrike against Iran was emerging as the most attractive option, in an effort to avoid the kind of escalation that might result from a more conventional strike.
So far, there is no evidence of such action, but it might take a while to gain access to Iranian computer networks, and the results might be subtle.
Security executives at the Democratic National Committee warned staff members in an email this week that Iranian hackers might be targeting their email accounts with so-called spearphishing attacks, in which hackers try to lure their target into clicking on a malicious link or attachment. That link or attachment can give attackers a foothold into a computer network.
The hackers were also believed to be interfering with an additional security feature known as two-factor authentication — a common security method that asks for credentials beyond a password — and were creating fake LinkedIn personas to make their email lures more believable.
After Russia’s interference in 2016, Democrats have repeatedly warned their Republican counterparts that election interference cuts both ways, and that state-sponsored hackers may not always seek to help the Republican candidate.
But to date, Senator Mitch McConnell of Kentucky, the majority leader, has refused to bring any election security bills to the floor. And Mr. Trump has yet to acknowledge Russian interference in the 2016 election, even as cybersecurity experts collect evidence that Russian hacking of organizations close to the 2020 campaigns is again underway.
James A. Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington, said in a recent interview that cyberinterference, even from Russia, might not necessarily benefit Mr. Trump in 2020.
“The Russians have come to the conclusion that, so long as President Trump is in office, U.S.-Russian relations will remain at a standstill,” Mr. Lewis said.
Cybersecurity experts that specialize in disinformation say they have witnessed several coordinated disinformation campaigns aimed at influencing the 2020 campaign.
The bulk of that disinformation has originated domestically, said Cindy Otis, the director of analysis at Nisos, a cybersecurity firm in Alexandria, Va. She said other nation-states were closely watching these domestic operations but appeared to be holding back.
“We’ve seen a lot of disinformation on the domestic front, but nation-states are likely to amplify those narratives, as we saw Russia do in 2016,” Ms. Otis said. “But with so many candidates still in the running, nation-states seem to be waiting before they put all their efforts into one basket.”
Some cybersecurity firms said they were also witnessing what appeared to be the beginning stages of several different nation-state cyberattacks on American political campaigns.
In July, Tom Burt, Microsoft’s corporate vice president, told an audience at the Aspen Security Conference that Microsoft had evidence that Russia, Iran and North Korea had been the most active nations conducting cyberattacks.
With funding tight, only a handful of Democratic presidential campaigns have invested in a full-time cybersecurity officer. Instead, they have relied on advice from the Democratic National Committee and DigiDems, a Democratic technology firm founded after the 2016 presidential campaign.
The Democratic National Committee’s chief security officer, Bob Lord, holds occasional video conferences with members of presidential campaign staffs to keep them abreast of the latest threats. The committee has also mandated that each campaign have a point of contact for cybersecurity, and sends out both regular and emergency newsletters.
Every campaign, no matter how many millions of dollars it has raised, faces a difficult decision when building out a cybersecurity team: Such technology and expertise is expensive, but so is an expansive ground game.
“Campaigns only last until Election Day or when your candidate drops out,” said Tad Devine, a former senior adviser to the 2016 Bernie Sanders campaign. “If you spend too much on cybersecurity and not enough on voter contact, you’ll end your campaign by not making enough voter contact. So that’s the conundrum that campaigns are in.”
“Politics is a risk business,” Mr. Devine said. “You have to decide what risk you’re going to take.”