Microsoft has seen a rise in recent cyberattack activity against European think tanks and non-profit organizations. The warning comes as European leaders warn attacks will continue across Europe in 2019.
Microsoft detected the attacks targeting European organizations that work on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials.
Examples of recently targeted organizations include the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.
Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust, provided additional details on the cyberattacks in a blog post on Wednesday:
“The attacks against these organizations, which we’re disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia. MSTIC continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium. The attacks occurred between September and December 2018. We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.”
Microsoft also observed the hackers are creating malicious URLs and spoofed email addresses as part of spearphishing campaigns designed to gain access to employee credentials and deliver malware to their victims.
To help combat ongoing cybercrime efforts that target democratic organizations, Microsoft is making its AccountGuard security service available starting today in twelve additional European markets: France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia and Spain.
Microsoft previously launched AccountGuard in August 2018, in preparation for the 2018 US midterm elections. The service was previously made available in the U.S., U.K., Ireland and Canada.
An excerpt of the AccountGuard service:
“Microsoft AccountGuard is a new security service offered at no additional cost to customers in the political space. The service is designed to help these highly targeted customers protect themselves from cybersecurity threats.”
The AccountGuard service provides multiple services, such as best practice security guidance to those in political space, access to webinars/workshops, notification of a known nation-state actor accessing O365 accounts, and remediation guidance to name a few.