Russia-Linked Hackers Responsible for Vast European Cyber Attacks, Says Microsoft

February 20, 2019, 11:53 AM UTC

Russia-linked hackers have attacked over 100 accounts linked to European think tanks and civil society NGOs, Microsoft said Wednesday. The victims include the German Council on Foreign Relations, European branches of the Aspen Institute, and the German Marshall Fund.

Elections for the Parliament of the European Union are scheduled for May 23-26 and Microsoft security vice president, Tom Burt, wrote that the attacks, “validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”

Microsoft blames the majority of this round of attacks, which it says took place in September and October 2018, on a group called Strontium — otherwise known as Fancy Bear and APT28. Microsoft has been battling the group and its related factions for years, including in court, over politically-motivated hacking, which includes hacking the Democratic National Committee in 2016 and other American political groups since then. It warned in August that Strontium would also target the U.S. midterm elections.

The attacks are often via so-called ‘spear phishing’, where hackers pose as employees and send malicious attachments or links to obtain passwords and remote access to an organization’s IT platforms.

Microsoft is part of the Transatlantic Commission on Election Integrity, which seeks to reduce the impact of fake news, so-called “deep fakes” or doctored media, and other election interference that former security officials warn Russia will use to meddle with democratic elections. It also offers security countermeasures to clients, designed to alert them to this type of hacking.