Cyberwarfare

Microsoft Says Russian Hackers Targeted Democratic Institutions in Europe

Microsoft says it has observed a group widely associated with the Russian government launching numerous cyberattacks on democratic institutions in Europe between September and December 2018. 

Targeting 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia, the attacks were carried out by the Russia-linked cyber-espionage group APT28, also known as Pawn Storm, Sednit, Fancy Bear, and Strontium. 

The hacking group, believed to be sponsored by Russia’s GRU intelligence agency, is associated with multiple high-profile attacks, including the DNC hack before the US 2016 elections and the targeting of Ukraine and NATO countries. 

In February last year, German news agency DPA revealed that the group had infiltrated Germany’s foreign and interior ministries’ online networks.

The recent APT28 assaults were aimed at think tanks and non-profit organizations that are often in contact with government officials while working on topics related to democracy, electoral integrity, and public policy, Microsoft says.

Some of the intended victims include employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

“MSTIC [Microsoft’s Threat Intelligence Center] continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium,” Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft, reveals. 

“These attacks came as no surprise – everything we do as an organization, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values. The announcement serves as a reminder that the assault on these values is real and relentless,” Karen Donfried, president of The German Marshall Fund, said in a statement. 

In August last year, Microsoft disrupted an APT28 campaign that was targeted at the midterm elections in the United States. At the time, the company seized multiple malicious domains, including some impersonating the websites of the International Republican Institute, the Hudson Institute, the U.S. Senate, and Microsoft’s Office 365 service.

As with last year's campaign, the new attacks relied on malicious URLs and spoofed email addresses that look legitimate, Microsoft says. The spear-phishing campaigns attempted to gain access to employee credentials and deliver malware to target networks.

Coupled with the campaign disrupted last year, the new attacks “suggest an ongoing effort to target democratic organizations,” Burt notes.

“We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks,” Burt says. 

In an effort to prevent similar attacks in the future, Microsoft expanded the availability of its Microsoft AccountGuard, which is part of its Defending Democracy Program, to twelve new European markets, namely France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
