Microsoft reveals new APT28 cyber-attacks against European political entities

Microsoft also expands AccountGuard security service for political entities in 12 European countries.
Written by Catalin Cimpanu, Contributor

Microsoft revealed today that a Russian nation-state hacking group targeted political organizations engaged in the upcoming 2019 European Parliament election, scheduled for the end of May.

"We've seen recent activity targeting democratic institutions in Europe as part of the work our Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) carry out every day to protect all of our customers," said Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft.

"These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials," Burt added. "For example, Microsoft has recently detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund."

Microsoft said it detected attacks between September and December 2018 targeting 104 accounts belonging to employees at a number of these political organizations. The employees were located in Belgium, France, Germany, Poland, Romania, and Serbia.

The OS maker attributed the attacks to APT28, a group also known as Fancy Bear, which Microsoft internally calls Strontium. This is one of the two Russian hacker groups known to have breached the Democratic National Committee servers in 2016, ahead of the US Presidential election.

The attacks Microsoft detected were basic spear-phishing email campaigns, the go-to weapon of APT28 hackers. The emails aimed to collect login credentials or infect victims with malware.

With today's blog post revealing these attacks, Microsoft said it was also expanding its AccountGuard service to 12 new EU countries: France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain.

Microsoft launched AccountGuard in August 2018 as part of its Defending Democracy Program, which includes a suite of security tools and services to help US political campaigns and electoral organizations safeguard their IT networks from hackers.

AccountGuard lets political campaigns and organizations sign up the Office 365, Hotmail, or Outlook.com accounts of their staff into a program with improved protection and threat detection.

Microsoft will watch over these accounts for cyber-attacks from known nation-state groups and alert administrators and victims in the case of any detected threat.

In addition, AccountGuard provides access to a large number of cybersecurity webinars and workshops so IT teams can improve their security posture, as well as advice from Microsoft engineers in the case of confirmed intrusions.

Previously, AccountGuard had been made available first in the US, and then in the UK, Ireland, and Canada. Microsoft launched the service in 2018 after it detected similar APT28 attacks against US political entities ahead of the 2018 US Midterm elections.

"While AccountGuard is currently available for the campaign accounts of elected officials, we hope in the near future to offer it for government-run accounts, like official accounts of the European Parliament," Burt said in a blog post today.

The move to expand AccountGuard into Europe comes after Microsoft expanded the same service to Canada at the start of the month to help local political entities ahead of the country's 43rd federal election, scheduled for October 2019, when Canadians will be choosing a new Parliament.

At the end of January this year, Alphabet, Google's parent company, expanded "Project Shield," its free DDoS protection service, to political entities involved in the upcoming European Parliament election.
