Russian Hackers Hitting European Democratic Institutions, Warns Microsoft

Microsoft is offering cyber protection services after it warned that a Russian hacking group has attacked multiple targets in Europe.

Microsoft said it had detected attacks against employees of multiple think tanks and non-profit organisations working on topics related to democracy, electoral integrity, and public policy. These attacks had affected staff in Belgium, France, Germany, Poland, Romania, and Serbia.

The attacks come before the European Parliament elections, as well as several key national elections across the continent.

European targets

Microsoft said that it was critically important that organisations underpinning the democratic process have access to state-of-the-art cybersecurity protection, in light of the “nation-state attacks” of the past two years, including the hacking and disinformation attacks on the French presidential election in 2017.

“Today we’re announcing the expansion of Microsoft AccountGuard to twelve new markets across Europe (France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain), providing comprehensive threat detection and notification to eligible organisations at no additional cost and customised help to secure their systems,” said Microsoft.

It cited the ongoing cyberattacks against European organisations, as evidenced last month when a 20 year old hacked personal data belonging to hundreds of German politicians, celebrities and public figures in that country.

“At Microsoft, we’ve seen recent activity targeting democratic institutions in Europe as part of the work our Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) carry out every day to protect all of our customers,” said the software giant.

“These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organisations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials,” it said.

Microsoft said for example that it had recently detected attacks targeting staff of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

The attacks targeted 104 accounts belonging to staff located in Belgium, France, Germany, Poland, Romania, and Serbia.

“MSTIC continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium,” it said.

Russian hackers

Strontium has been linked to the Russian government or the Russian military intelligence agency GRU (depending on which security firm you talk to).

Strontium is also known by a number of other names including APT 28, Fancy Bear, Sofancy and Pawn Storm.

Microsoft said these attacks are similar to attacks against US-based institutions, and in most cases involves the creation of malicious URLs and spoofed email addresses that look legitimate.

“These spearphishing campaigns aim to gain access to employee credentials and deliver malware,” said the firm. “The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organisations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”

Last August Microsoft claimed victory after it said it thwarted a cyber attack by Strontium. That attack targetted US conservative groups including the International Republican Institute and the Hudson Institute think tanks.

But Microsoft stopped it when its security staff gained control of six net domains mimicking their websites.

Do you know all about security? Try our quiz!