Microsoft Corp on Wednesday said it had discovered cyber attacks directed at democratic institutions, think tanks and non-profit organisations in Europe and would offer a cyber security service to several countries to close security gaps.
The hacks occurred between September and December 2018, targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund, the company said in a blog post.
Microsoft said it discovered the hacking through the company’s Threat Intelligence Center and Digital Crimes Unit, and the hacks targeted 104 employee accounts in Belgium, France, Germany, Poland, Romania, and Serbia.
Hackers in most cases create malicious weblinks and spoofed email addresses that look legitimate, aiming to gain access to employee credentials and deliver malware, the company said.
Microsoft said many of the attacks originated from a group called Strontium, which the company has previously associated with the Russian government.
Strontium, one of the world’s oldest cyber espionage groups, has also been called APT 28, Fancy Bear, Sofancy and Pawn Storm by a range of security firms and government officials. Security firm CrowdStrike has said the group may be associated with the Russian military intelligence agency GRU.
Germany’s BSI federal cyber protection agency confirmed that Strontium, or APT 28, had been attacking a wide range of organisations in Germany and around the world for years, but said it had not seen a substantial increase in these activities.
“State-controlled groups like APT 28 are usually continually active,” BSI said in response to a query from Reuters, adding it could not confirm a direct connection to upcoming elections.
German officials have blamed a number of hacks, including a 2015 attack on the lower house of parliament, on APT 28, and a German government spokesman last year said Berlin was “almost certain” the Russian secret service was behind the group. Russia has repeatedly denied such claims.
Aspen Germany said the latest attacks were unsuccessful, but it was taking steps to make sure staff members were trained to avoid even the most sophisticated efforts in an ever-present barrage of phishing and malware attacks.
“This is a wake-up call. In the run-up to May 2019 European elections, it is incumbent on all responsible players in European democracy to remain vigilant,” it said in a statement.
The German Marshall Fund also said its systems were not compromised, but it would continue to work with Microsoft and others to identify and mitigate any security challenges.
No immediate comment was available from German Council on Foreign Relations.
Microsoft said it will offer its cyber security service AccountGuard to 12 new markets in Europe including Germany, France and Spain to help customers secure their accounts.
The AccountGuard service will also be available in Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal and Slovakia.
Microsoft’s move highlights the growing effort by social media companies like Facebook Inc and Twitter Inc to bring more transparency around political content and advertisements, and halt the spread of misinformation on their platforms.
In the US, Special Counsel Robert Mueller is investigating Russia’s role in the 2016 election and whether the campaign of President Donald Trump colluded with Moscow. Russia denies meddling in the elections while Trump has denied any collusion.