After launching cyber attacks on the US Democratic National Committee servers in 2016 to access sensitive information, and then on the German Council on Foreign Relations and the European offices of the Aspen Institute and the German Marshall Fund, news is now out that the Russian intelligence-funded hacking group APT28, aka Fancy Bear, targeted some employees of European political organizations last year.
Technology giant Microsoft released a report on the issue a few hours ago, stating that it detected attacks between September and December 2018 targeting 104 accounts belonging to employees of political organizations in over 12 EU nations, including France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain.
Security experts from Microsoft say that the attacks were detected by the company’s software suite named “AccountGuard”, launched in August 2018 as part of its Defending Democrats Program to safeguard the accounts and services of top political campaigns in the UK, US, and Canada.
For those who don’t know much about “AccountGuard”, here’s the gist. The program helps political campaigns and organizations enroll their staff’s Office 365, Hotmail or Outlook.com accounts in a secure way and protects them from almost all of the cyber threats prevailing in the current landscape.
Technically speaking, AccountGuard helps Microsoft keep tabs on the accounts being targeted by state-funded actors and alerts admins and victims to the threat.
“We have seen a lot of activity targeting democratic institutes in Europe and our Threat Intelligence Center is committed to protecting the users from digital crimes”, said Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft.
Tom Burt added in his statement that the attacks could have been launched to influence democracy, electoral integrity and public policing.
Note 1 - APT28 is known to target its victims through spear-phishing campaigns in which it steals data related to login credentials or infects victims with malware.
Note 2 - At the end of January 2019, Google, a business unit of Alphabet Inc., decided to protect political parties from distributed denial-of-service (DDoS) campaigns through its “Project Shield Campaign”.
Note 3 - Microsoft says that the recent cyber attack launched by APT28 could have a political motive: to influence the General Presidential Elections to be held in May this year.
Note 4 - Microsoft internally refers to the Fancy Bear hacking group as ‘Strontium’ and confirms that the group is being funded by Russian military intelligence, the GRU.