Russian state hackers are targeting NGOs, think tanks and other government-linked organizations ahead of the European Parliament elections in spring, according to Microsoft.
The tech giant said it had observed 104 accounts in Belgium, France, Germany, Poland, Romania and Serbia come under fire from Fancy Bear (APT28, Strontium). This is the group blamed for the 2016 attacks on the Democratic National Committee (DNC) which many believe helped Donald Trump to power.
The attackers are using classic spear-phishing techniques to try and gain access to employee credentials and deliver malware, said Microsoft corporate VP, Tom Burt.
“These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials,” he added.
“The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”
Some of the organizations targeted in this latest campaign include the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund.
To help non-profits and other organizations which may not have the resources to defend themselves from state-level attacks, Microsoft is offering its AccountGuard service across Europe, free to Office 365 customers.
It helps protect corporate and personal email accounts and offers best practice security guidance on email and network security, according to Burt.
Last week former NATO secretary-general, Anders Fogh Rasmussen, warned of a major Kremlin effort to disrupt the upcoming European elections to spread disinformation and undermine confidence in the democratic process.
He joined 14 current and former leaders in calling for those running in the election to pledge not to spread fake news or use stolen data in their campaigns, and to train staff in cybersecurity, among other things.