Microsoft says Russian hackers targeted European researchers

Daily life in Bucharest

Microsoft revealed hacking efforts on European groups.


A group of hackers linked to Russia carried out cyberattacks on European political research groups, Microsoft has revealed.

Strontium, a Russian government agency-linked group also known as Fancy Bear, targeted more than 100 accounts of employees based in Belgium, France, Germany, Poland, Romania and Serbia, the company said in a blog post on Tuesday.

The targets included the German Council on Foreign Relations, the Aspen Institutes in Europe, the German Marshall Fund and others researching democracy, electoral integrity and public policy. The workers are also in regular contact with government officials. The European Union will hold elections to its parliament in May.

“The attacks occurred between September and December 2018,” said Tom Burt, Microsoft’s corporate vice president of Customer Security & Trust. “We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.”

Fancy Bear rose to infamy after its 2016 attack on the Democratic National Committee, in which 12 hackers infiltrated the organization’s servers to steal emails from staffers in an effort to influence the presidential race.

In 2018, it infected more than half a million routers with malware and targeted groups in South America and Europe.

Microsoft responded to the latest attacks by making its free AccountGuard cybersecurity service available to European groups using its Office 365 software in 12 new markets as added protection, it said in the blog post.

The German Marshall Fund noted that groups must be more vigilant than ever to protect their democracies as the European elections approach.

“The risk is not just for candidates and campaigns,” Karen Donfried, German Marshall Fund’s president, said in a blog post addressing Microsoft’s. “Organizations and individuals need to be aware and prepared that malign forces, including sophisticated state actors, seek to exploit them in the digital space.”

The German Council on Foreign Relations confirmed the attack, and welcomed Microsoft’s initiative. “We are, of course, concerned about our digital infrastructure and have therefore been implementing a range of measures to counter further such risks,” a spokesperson said in an emailed statement. “It is also our view as a foreign policy organization and think tank that the issue of cyber attacks should receive strong political and public attention.”

The Aspen Institutes in Europe didn’t immediately respond to a request for comment.