Microsoft revealed on Wednesday (Feb.20th) in a blog post that hackers targeted multiple EU think tanks and non-profit organisations in 2018.
The company said it had detected attacks targeting 104 staff accounts at the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Funds.
Microsoft said the source of the attacks have not been identified but is “confident” that many of those attacks, which took place between September and December last year, originated from a group called Strontium.
The cyber espionage group – also known as APT28 and Fancy Bear – is allegedly affiliated with Russian military intelligence, and is best known for hacking the Democratic National Committee during the 2016 US presidential elections.
Malicious URLs and spoof emails
Microsoft said hackers created malicious URLs and spoof emails to gain access to employee credentials and deliver malware in countries like Belgium, France, Germany, Poland, Romania, and Serbia.
“These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organisations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials,” Tom Burt, corporate vice president for customer security and trust at Microsoft, wrote in the blog post.
“We quickly notified each of these organisations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks,” Microsoft said.
EU leaders say they need to address the cybersecurity gaps on the lead up to the European Parliament elections in May 2019.
Microsoft also used its blog post to announce it will expand its cybersecurity service AccountGuard to 12 new markets in Europe including Germany, France, and Spain to help customers secure their systems.