Microsoft Says Russian Hackers Targeted Democratic Institutions in Europe

Microsoft says it has observed a group widely associated with the Russian government launching numerous cyberattacks on democratic institutions in Europe between September and December 2018. 

Targeting 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia, the attacks were carried out by the Russia-linked cyber-espionage group APT28, also known as Pawn Storm, Sednit, Fancy Bear, and Strontium. 

The hacking group, believed to be sponsored by Russia’s GRU intelligence agency, is associated with multiple high-profile attacks, including the DNC hack before the US 2016 elections and the targeting of Ukraine and NATO countries. 

In February last year, German news agency DPA revealed that the group had infiltrated Germany’s foreign and interior ministries’ online networks.

The recent APT28 assaults were aimed at think tanks and non-profit organizations that are often in contact with government officials while working on topics related to democracy, electoral integrity, and public policy, Microsoft says.

Some of the intended victims include employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

“MSTIC [Microsoft’s Threat Intelligence Center] continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium,” Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft, reveals. 

“These attacks came as no surprise – everything we do as an organization, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values. The announcement serves as a reminder that the assault on these values is real and relentless,” Karen Donfried, president of The German Marshall Fund, said in a statement. 

In August last year, Microsoft disrupted an APT28 campaign that was targeted at the midterm elections in the United States. At the time, the company seized multiple malicious domains, including some impersonating the websites of the International Republican Institute, the Hudson Institute, the U.S. Senate, and Microsoft’s Office 365 service.

The same as last year, the new attacks relied on malicious URLs and spoofed email addresses that look legitimate, Microsoft says. The spear-phishing campaigns were attempting to gain access to employee credentials and deliver malware on target networks. 

Coupled with the campaign disrupted last year, the new attacks “suggest an ongoing effort to target democratic organizations,” Burt notes.

“We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks,” Burt says. 

In an effort to prevent similar attacks in the future, Microsoft expanded the availability of its Microsoft AccountGuard, which is part of its Defending Democracy Program, to twelve new European markets, namely France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
