Microsoft reveals Russian hacking attacks as it expands AccountGuard protection across Europe
Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.
Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.
- Microsoft brings Windows Timeline support to Chrome with Web Activities extension
- Kali Linux 2019.1 with Metasploit 5.0 available for download
- Microsoft reveals pricing for Windows 7 Extended Security Updates
- How to check to see if your data was part of the Marriott Starwood Hotel hack
Microsoft says that the attacks were not limited to particular electoral campaigns, but there was a definite political element to them. The company says that they, "often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials".
In a blog post, Microsoft highlights attacks on the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund. Tom Burt, the company's corporate vice president of Customer Security & Trust, writes:
The attacks against these organizations, which we're disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia. MSTIC continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium. The attacks occurred between September and December 2018. We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.
Consistent with campaigns against similar US-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate. These spearphishing campaigns aim to gain access to employee credentials and deliver malware.
With European Parliament elections on the horizon, the company also says that it is expanding Microsoft AccountGuard to more European countries: France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia and Spain have been added to the existing list of the US, Canada, Ireland and the UK. Microsoft explains:
The markets for which we're announcing AccountGuard today represent places where we've been able to expedite the work needed to offer AccountGuard quickly, and we plan to expand AccountGuard to additional markets in Europe in coming months.
Microsoft AccountGuard, which is part of our Defending Democracy Program, is a state-of-the-art cybersecurity service available at no extra cost to all political candidates, parties, and campaign offices operating at a local or national level. It is also available to think tanks, non-profits, and nongovernmental organizations working on issues related to democracy and electoral integrity. Microsoft AccountGuard is offered free-of-charge to organizations using Office 365.
It goes on to say:
The service provides notification of cyber threats, including attacks by known nation-state actors, across both email systems run by organizations and the personal accounts of these organizations' leaders and staff. Eligible organizations can invite selected staff and other associates to enroll, and notification will only occur with the consent of the account owner. Organizations can get protection for external individuals helping with a campaign, board members of non-profit organizations, or volunteers. When we detect threats, we will work directly with participating organizations to notify them and help them secure their systems.
AccountGuard also provides covered organizations guidance to help make their networks and email systems more secure. This can include applying multi-factor authentication, installing the latest security updates, and guidance for setting up systems that ensure only those people who need data and documents can access them. AccountGuard also provides briefings and training to address evolving cyberattack trends as well as preview releases of new security features on a par with the services offered to our large corporate and government account customers.
You can find out more about Microsoft AccountGuard here.