“These guys are really good and really move fast, and we knew they would react to rebuild their systems,” said Tom Burt, the Microsoft executive who is running the team. “We were prepared to follow them, and tear down whatever they build up.”
But as Cyber Command and Microsoft were taking aim at Trickbot, a new hacking threat emerged.
Over the past two months, a different group of Russian hackers — known as “Energetic Bear” or “Dragonfly,” and believed to be operating within the country’s Federal Security Service, or F.S.B., the successor to the Soviet-era K.G.B. — has been targeting American state and local networks, according to government and private security researchers.
Their goal is still unclear, but the timing — so close to the election — and the actor, which was previously caught hacking American nuclear, water, and electric plants, have sent alarm bells ringing at Cyber Command and at security firms like FireEye. CyberScoop earlier published details of a leaked FireEye report on the campaign on Monday.
Officials worry that even if those hackings do not amount to much, the Russians’ very presence inside U.S. state and local systems could be used to support the president’s baseless allegations that the election is “rigged.”
That was part of the motivation behind an unusual nine-minute video posted online this month — titled “Safeguarding Your Vote”— featuring senior American law enforcement, intelligence and cybersecurity officials.
“We are not going to tolerate foreign interference in our elections or criminal activity that threatens the sanctity of your vote or undermines public confidence in the outcome of the election,” Christopher A. Wray, the F.B.I. director, assured voters.
Mr. Wray and his counterparts have been contradicted at every turn by the president, who continues to assail mail-in voting as an avenue for fraud, for which there is no evidence. Mr. Trump’s claims are often amplified by the Russians, whose main interest is to cast doubt about the credibility of free elections.