World / Crime & Legal

Microsoft detects Russia-linked hackers targeting Europe democracy groups ahead of polls

AP, Reuters

A hacking group has targeted European democratic institutions, including think tanks and nonprofit groups, ahead of highly anticipated EU parliamentary elections in May, Microsoft has found.

The company said Tuesday that a group called Strontium targeted email accounts for more than 100 people in six European countries working for the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund.

Microsoft said it discovered the hacking through its Threat Intelligence Center and Digital Crimes Unit. It said the hacks targeted 104 employee accounts in Belgium, France, Germany, Poland, Romania, and Serbia.

Hackers in most cases create malicious web links and spoofed email addresses that look legitimate, aiming to gain access to employee credentials and deliver malware, the company said.

Microsoft said in a blog post that it is continuing to investigate but is confident many of the attacks originated from Strontium, a group that others call Fancy Bear or APT28. U.S. authorities have tied the group to Russia’s main intelligence agency, known as the GRU.

Germany’s BSI cyberprotection agency said it has not seen a substantial rece3nt increase in Strontium’s activities.

Microsoft said that the attacks occurred from September to December and that it notified the organizations after discovering they had been targeted.

Tech companies have been accused of not doing enough to prevent hacking attacks and the spread of fake news, which some say influenced major elections like the 2016 U.S. presidential vote and the Brexit referendum.

Hundreds of millions of people are set to vote for more than 700 European Union parliamentary lawmakers in May, and the recent rise of populist parties has raised the prospect of euroskeptic politicians gaining more seats and potentially undermining the bloc.

The German Marshall Fund has done extensive work researching and documenting Russian attempts at interfering in elections as part of its broader efforts on democracy-building and trans-Atlantic cooperation.

In a statement, the German Marshall Fund president, Karen Donfried, said the attacks were unsurprising for an organization “dedicated to advancing and promoting democratic values.”

The organization said its systems did not appear to be compromised.

The German Council on Foreign Relations declined to offer details, citing the ongoing investigation. But a council spokeswoman, Eva-Maria McCormack, called for “strong political and public attention” to the issue of cyberattacks.