“We’ve seen recent activity targeting democratic institutions in Europe as part of the work our Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) carry out every day to protect all of our customers,” said Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft. “These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials,” Burt said. “For example, Microsoft has recently detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund.”

Microsoft found that the attacks took place between September and December last year. In total, 104 accounts were targeted, mostly belonging to employees of political organizations based in Belgium, France, Poland, Germany, Romania, and Serbia.

In a blog post, Burt says the cyberattack was carried out by APT28, also known as Fancy Bear (or Strontium internally at Microsoft). This unit is known to comprise two Russian hacking groups that have joined together. APT28 previously carried out successful cyberattacks on the Democratic National Committee before the 2016 US presidential election. Microsoft points out that the Europe-focused attacks were fairly unsophisticated and involved spear-phishing email campaigns.
AccountGuard
To help European nations better protect themselves from such attacks, Microsoft today said it will expand its AccountGuard service to 12 new nations: France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain. Available for free in Office 365, the service helps Microsoft Account holders who run election campaigns, sit on political committees, or work on a politician's staff. The tool adds threat monitoring by regularly checking accounts for security breaches. During its checks, AccountGuard scans attachments for malware and looks for phishing and failed login attempts. If something is found, a notification is sent to the account holder. If a genuine cyber threat is uncovered, Microsoft provides remediation and ongoing support to stop the threat.