Microsoft discovers cyberattacks on democratic institutions in Europe
Group called Strontium, which the company has associated with the Russian government was involved
Microsoft said on Wednesday that it had uncovered cyber attacks on European agencies including think tanks and non-profit organisations, and would offer a cyber-security service to several countries to close gaps.
The hacks occurred between September and December 2018, aimed at employees of the German Council on Foreign Relations and European offices of the Aspen Institute and the German Marshall Fund, the company said.
Microsoft said it discovered the hacks through its Threat Intelligence Centre and Digital Crimes Unit, and that they were aimed at 104 employee accounts in Belgium, France, Germany, Poland, Romania and Serbia.
Hackers mainly use malicious web links and fake email addresses that look real, aiming to gain access to employee details and deliver malware, the company said.
It said many of the attacks were by a group called Strontium, which the company has associated with the Russian government.
Strontium, one of the world's oldest cyber espionage groups, has also been called APT 28, Fancy Bear, Sofancy and Pawn Storm by security companies and governments.
Security company CrowdStrike said the group might be associated with the Russian military intelligence agency GRU.
Germany's BSI federal cyber protection agency confirmed that Strontium had attacked a wide range of organisations in Germany and around the world for years, but said it had not seen a substantial increase.
"State-controlled groups like APT 28 are usually continually active," BSI said, adding it could not confirm a direct connection to coming elections.
German officials have blamed hacks, including a 2015 attack on the lower house of parliament, on APT 28, and a German government spokesman last year said that Berlin was "almost certain" the Russian secret service was behind it. Russia has repeatedly denied such claims.
Aspen Germany said the latest attacks were unsuccessful, but it was taking steps to make sure staff members were trained to avoid even the most sophisticated efforts in phishing and malware attacks.
"This is a wake-up call. In the run-up to May 2019 European elections, it is incumbent on all responsible players in European democracy to remain vigilant," it said.
The German Marshall Fund also said its systems were not compromised, but it would continue to work with Microsoft and others to identify and mitigate any security challenges.
No immediate comment was available from German Council on Foreign Relations.
Microsoft said it would offer its cyber security service AccountGuard to 12 new markets in Europe, including Germany, France and Spain, to help customers secure their accounts.
The AccountGuard service will also be available in Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal and Slovakia.
Microsoft's move highlights the growing effort by social media companies such as Facebook and Twitter to bring more transparency to political content and advertisements, and halt the spread of misinformation.
Updated: February 21, 2019 03:28 AM