Microsoft says hackers targeted European think tanks ahead of elections

20 Feb 2019

Image: © artjazz/

A collective of hackers with links to Russian intelligence targeted European groups, according to Microsoft.

Technology giant Microsoft has revealed that hackers associated with Russia carried out precision phishing campaigns focused on European think tanks and non-profit organisations, ahead of elections in the EU set to take place in May of this year.

Microsoft spots new attacks

The company said it spotted attacks targeting democratic institutions in Europe, including the German Council on Foreign Relations and European offices of the Aspen Institute and the German Marshall Fund.

The attacks targeted 104 accounts belonging to various staff in Belgium, France, Germany, Poland, Romania and Serbia. A spokesperson for the German Council on Foreign Relations confirmed that the organisation was “the target of cyberattacks during a limited period in the past year”.

The German Marshall Fund, which exists to promote understanding between North America and Europe, said: “Everything we do as an organisation, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values.

“The announcement serves as a reminder that the assault on these values is real and relentless.”

Fancy Bear under suspicion

While Microsoft did not directly say what country the attacks originated from, it placed the blame on a group of hackers often referred to as Fancy Bear or, as the company calls it, Strontium. Many security companies have identified Fancy Bear as a Russian group and some experts believe it has links to intelligence organisations in the country.

Fancy Bear was linked to the 2016 hacking of the US Democratic National Committee in the US. Authorities in the country indicted 12 Russian agents in relation to this hack, as well as the Clinton presidential campaign emails incident.

Spear-phishing campaigns

Microsoft said: “The attacks occurred between September and December 2018. We quickly notified each of these organisations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.”

The attacks took the form of spear-phishing campaigns, which involve sending emails that appear to come from legitimate sources tailored to the recipient. If a user clicks a link inside one of these emails, bad actors can install malware, steal credentials or obtain private data.

It added that it will be offering the Microsoft AccountGuard cybersecurity service in 12 additional European markets from today (20 February), including France, Sweden and Germany. It is provided at no extra cost to political candidates, parties and campaign offices.

Russian authorities have denied that Moscow had any role to play in the hacking attempts of the European organisations.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects