A group of hackers associated with Russian intelligence targeted civil society groups across Europe ahead of May elections there, Microsoft said Tuesday.
The attacks, disclosed by Microsoft in a blog post, demonstrates the continuing spread of a broad online campaign aimed at disrupting real and potential political opponents of Russia’s president, Vladimir Putin. The company said it had found that hackers targeted more than 100 email accounts at think tanks and nongovernmental organisations that work on issues including election security, nuclear policy and foreign relations.
Microsoft did not address what country the attacks came from, but it blamed a group of hackers sometimes called Fancy Bear. Online security companies have identified Fancy Bear as a Russian group, and it is widely believed to be tied to Russian intelligence.
Fancy Bear was involved in the 2016 hacking of the Democratic National Committee in the United States, according to the party and security researchers. Last year US authorities indicted 12 Russian intelligence officers related to the hacks of the party headquarters and the Clinton presidential campaign.
Russian officials have denied that Moscow had any role in the hacking attempts.
Despite scrutiny of groups like Fancy Bear, the attacks have continued. The same hacking group last year similarly targeted Republican think tanks that had criticised President Donald Trump in advance of the midterm elections in the United States. Microsoft also detected those as part of its cybersecurity operations.
Increasingly the attacks have also targeted groups that are not directly involved in elections but seek to steer debate or focus on specific targets.
Microsoft said the attacks occurred between September and December and took the form of spearfishing campaigns. Spearfishing involves sending emails that appear to come from legitimate sources to get users to click the links inside. If a user clicks those links, hackers can use that to install malware, steal passwords or conduct other online mischief.
The German Council on Foreign Relations, the European offices of the Aspen Institute and the German Marshall Fund of the United States were among the groups Microsoft said were targeted and agreed to be disclosed, the company said.
In a statement on its website, the German Marshall Fund said groups beyond candidates and their political campaign managers must be increasingly vigilant.
“Everything we do as an organisation, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values,” it said. “The announcement serves as a reminder that the assault on these values is real and relentless.”
The other groups could not immediately be reached for comment Tuesday.
The targeted research institutes have done work related to issues important to Russian policy and its continuing use of misinformation to influence elections. The German Marshall Fund, for example, has investigated Russia’s use of social media to spread political messages in its favor in various elections in Europe. The German Council on Foreign Relations has published reports related to arms control and the North Atlantic Treaty Organization, which has been at odds with Russia.
Microsoft has been tracking the increase in hacking attempts by nation states, including Russian actors, as part of its Defending Democracy Program, which it announced last year to provide protection to candidates, political parties and nongovernmental organisations working in the field of elections.
It said it was expanding its AccountGuard cybersecurity service free to campaigns and nongovernmental organisations that use its Office 365 software in 12 new European markets to protect against these kinds of hacks.
Microsoft executive Tom Burt said in the blog post that Europe was the birthplace of democracy and that “as the ongoing attacks demonstrate, this idea is increasingly under threat.”