Microsoft says hackers tried to breach European think tanks and non-profit organizations

  • Microsoft said Wednesday hackers targeted European think tanks and non-profit organizations that are often in contact with government officials late last year.
  • The tech giant said in a blog post that it detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund through malicious websites and spoofed email addresses that look legitimate.
European Union flags hang outside the European Commission Headquarters on March 10, 2017 in Brussels, Belgium.
Getty Images
European Union flags hang outside the European Commission Headquarters on March 10, 2017 in Brussels, Belgium.

Microsoft said hackers targeted European think tanks and non-profit organizations which often have contact with government officials.

The attacks were carried out late last year through phishing campaigns to steal employee credentials and deliver malware, the tech giant said in a blog post on Wednesday.

The company said it detected attacks targeting employees of the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund through malicious websites and spoofed email addresses that looked legitimate.

"The attacks against these organizations, which we're disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia," Tom Burt, corporate vice president for customer security and trust at Microsoft, wrote in the blog post.

The German Marshall Fund runs a tool, known as the Hamilton 68, which tracks Russian propaganda and disinformation efforts online in near real-time. Karen Donfried, president of The German Marshall Fund, said in a statement Wednesday that the attacks "came as no surprise."

"Everything we do as an organization, from our policy research to our work strengthening civil society, is dedicated to advancing and protecting democratic values," Karen Donfried, president of The German Marshall Fund, said in a statement Wednesday.

"The announcement serves as a reminder that the assault on these values is real and relentless."

A spokesperson for the German Council on Foreign Relations confirmed that the organization was "the target of cyber attacks during a limited period on the past year."

"This is an ongoing investigation upon which we cannot comment further at this time," the spokesperson told CNBC, adding that the think tank had been implementing "a range of measure(s)" to counter further risks.

Elliot Gerson, executive vice president for policy programs, public programs and international partners at The Aspen Institute said the think tank recently became aware of attempts to hack its European partners, which are independent affiliates.

"While we are aware of no breaches, these attempts are important reminders that we must unite to protect our organizations from forces that threaten our work," Gerson told CNBC in a statement.

Microsoft said while it is still investigating the sources of those attacks, the company is "confident" many of them originated from a group it calls Strontium, also known as Fancy Bear. The group, which has been linked to Russia, was reportedly behind the Democratic National Committee hack before the 2016 presidential elections in the U.S.

"The attacks occurred between September and December 2018. We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks," Microsoft said.

The company said it will be offering the Microsoft AccountGuard cybersecurity service in 12 additional European markets from Wednesday, including France, Germany and Sweden. The service is provided to all political candidates, parties and campaign offices at no extra cost, the company said.

European parliamentary elections are due to begin later this year.