Microsoft: European Democratic Institutions In Crosshairs Of Hackers

Microsoft revealed Wednesday that hackers have been targeting democratic institutions, think tanks and non-profit organizations across Europe.

The Redmond, Wash.-based company said the attacks targeted 104 accounts affiliated with the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund between September and December 2018, wrote Tom Burt, Microsoft's corporate vice president, customer security & trust, in a blog post.

Microsoft said it's confident that many of the attacks originated from a group called Strontium, which is widely associated with the Russian government. The affected employees were based in Belgium, France, Germany, Poland, Romania, and Serbia, according to Burt's blog post.

[Related: Microsoft Issues Emergency Security Patch For Internet Explorer Flaw]

"We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks," Burt wrote in his blog post.

The attacks specifically focused on think tanks and non-profit organizations who have been working on topics related to democracy, electoral integrity, and public policy, and have often been in contact with government officials, Burt said.

In most cases, the attackers created malicious URLs and spoofed email addresses that looked legitimate, which Burt said is also consistent with campaigns against U.S.-based institutions. These spearphishing campaigns are intended to gain access to employee credentials and deliver malware, according to Burt.

"The attacks we've seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic institutions," Burt wrote in the blog post. "They validate the warnings from European leaders about the threat level we should expect to see in Europe this year."

Strontium is also known as Fancy Bear or APT28, and is believed to be connected to Russian military intelligence agency GRU.

In response, Microsoft said it is expanding its AccountGuard service to 12 new markets across Europe. AccountGuard provides comprehensive threat detection and notification to eligible organizations at no additional cost, as well as customized help to secure their systems.

AccountGuard will now be available in: Denmark; Estonia; France; Finland; Germany; Latvia; Lithuania; the Netherlands; Portugal; Slovakia; Spain; and Sweden. Microsoft said the service was already available in the United States, Canada, the United Kingdom, and Ireland.

Microsoft said it plans to expand AccountGuard to additional markets in Europe in the coming months. The company said it's offered free-of-charge to organizations using Office 365.