Microsoft says Russian hackers targeting European groups

Clyde Hughes
A Russian flag flies near the Kremlin tower in Moscow. File Photo by Yuri Gripas/UPI
A Russian flag flies near the Kremlin tower in Moscow. File Photo by Yuri Gripas/UPI | License Photo

Feb. 20 (UPI) -- Microsoft warned Wednesday that the same group of Russian hackers who stole emails from the Democrats two years ago are now targeting European think tanks ahead of European Union elections in May.

Tom Burt, Microsoft's corporate vice president for customer security and trust, wrote in a blog post that the software giant found spear-phishing attempts connected to the hacking group Strontium, also known as APT28 and Fancy Bear. Burt added that the group tried to engage employees at the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.


Spear-phishing is an attack in which a specific organization or individual is targeted, often to acquire sensitive information.

"The attacks against these organizations, which we're disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia," Burt wrote. "The attacks occurred between September and December 2018.

RELATED Experts: Info sharing key to protecting U.S. infrastructure from cyber threats

"We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks."

The warning came about three months before European Parliament elections, scheduled to start May 23.

Strontium and another group, both believed to be connected to Russian intelligence, were blamed for swiping thousands of private emails from the Democratic National Committee and other prominent Democrats in 2016 and passing them on to WikiLeaks, which published them through the 2016 presidential election campaign.

RELATED Report: Chinese group APT10 hacked U.S., Norwegian companies

"Consistent with campaigns against similar U.S.-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate," Burt wrote. "These [spear-phishing] campaigns aim to gain access to employee credentials and deliver malware.

"The attacks we've seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations."

German Marshall Fund President Karen Donfrield said in a statement Microsoft's findings confirm that Russian entities are attempting to grow their Internet attacks.

"With European parliamentary elections this spring and American presidential elections next year, it is more important than ever that we be vigilant to protect our democracies from foreign interference, including online," she said.

Latest Headlines