A hacking group that is thought to be linked to Russian military intelligence targeted the European offices of two American think tanks, Microsoft revealed late Tuesday.
Fancy Bear, the same hacking group that is believed to be behind some of the 2016 hacking of the Democratic National Committee, targeted The Aspen Institute and The German Marshall Fund of the United States, Microsoft said. The German Council on Foreign Relations was also targeted.
“We’ve seen and continue to see efforts by nation-states and others to influence elections in democracies around the world including in Europe,” Tom Burt, Microsoft’s vice president of customer trust and security, said in a blog post.
“These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials,” he added.
The attacks on the three high-profile think tanks took place between September and December 2018, according to Microsoft. The company didn’t say whether the attackers were successful but said that it quickly notified the organizations that they were being targeted and helped them secure their systems.
Andrew Kolb, a spokesperson for The German Marshall Fund — which receives funding from the United States, Germany and other governments — told CNN Business that it didn’t appear that its systems had been compromised as a result of the hacking attempt.
The fund’s president, Karen Donfried, suggested in a statement that the organization may have been targeted because its work has included supporting efforts to combat alleged attempts by Russia and other nations to “undermine democracy and democratic institutions.”
Elliot Gerson, executive vice president overseeing public and policy programs and international partners at the Aspen Institute, said the organization was not aware of any breach that would indicate the hackers were successful.
“These attempts are important reminders that we must unite to protect our organizations from forces that threaten our work,” he said.
A spokesperson for the German Council on Foreign Relations said it is conducting an ongoing investigation.
European elections looming
“Consistent with campaigns against similar US-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate,” Burt wrote in the Microsoft post. “These spearphishing campaigns aim to gain access to employee credentials and deliver malware.”
Last August, Microsoft said that Fancy Bear had targeted the US Senate, and just last month CNN reported that the same hacking group had targeted another Washington-based think tank, the Center for Strategic and International Studies.
Microsoft’s announcement Tuesday serves as a warning ahead of European Parliament elections in May, when voting will take place across the European Union.
Microsoft said it would extend its Microsoft AccountGuard service to 12 more European countries, including France and Germany. AccountGuard is a cybersecurity service Microsoft offers to political candidates, non-profits, and nongovernmental organizations working on issues relating to democracy.
The service is already available to campaigns in the United States, Canada, the United Kingdom, and Ireland.
Microsoft pointed to “hacking and disinformation attacks” on France’s presidential election in 2017 as a previous example of a European democracy grappling with cyber interference. The campaign of Emmanuel Macron, who eventually won the election, said at the time that it was the victim of a “massive and coordinated hacking operation.”