Microsoft announced on September 10, 2020 that it has detected ongoing attacks from Russian military intelligence connected Fancy Bear, or APT 28. The group, also responsible for attacks on the Democratic National Convention in 2016, launched a series of attacks from September 2019 to September 2020. Microsoft’s Threat Intelligence Center (MSTIC) observed campaigns launched on U.S. organizations that were directly or indirectly affiliated with the November 2020 elections which aimed to harvest log-in credentials for intelligence-gathering or disruption purposes. Targets included U.S.-based political consultants, think tanks, national and state political party organizations, and businesses in entertainment, manufacturing, financial services, and physical security.