Tech giant Microsoft said Wednesday it had detected hacker “attacks” ahead of European Parliament and national elections in the EU, in a warning to civil society groups, politicians and campaigns.
The firm said a group it calls Strontium was behind the attacks, known to security firms and government agencies as Fancy Bear or APT28 and widely believed to be linked to Russian intelligence.
“At Microsoft, we’ve seen recent activity targeting democratic institutions in Europe,” security chief Tom Burt wrote in a blog post.
“Attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that is often in contact with government officials,” he added.
Among others, Microsoft found the hackers targeted 104 employee accounts from well-known groups the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund (GMF) between September and December 2018.
The hackers deployed so-called “spearphishing” tactics — using targeted fake emails or websites to try and harvest workers’ credentials and gain access to computer systems.
Among the targets were employees based in EU members Belgium, France, Germany, Poland, and Romania as well as non-member Serbia.
“Organizations and individuals need to be aware and prepared that malign forces, including sophisticated state actors, seek to exploit them in the digital space,” GMF president Karen Donfried said in a blog post.
“It is more important than ever that we be vigilant to protect our democracies from foreign interference, including online.”
The Old Continent faces a string of votes in the coming months, including European Parliament elections in May, parliamentary polls in Estonia, Finland and Belgium and presidential ballots in Slovakia, Ukraine, and Lithuania.
“It is highly likely that foreign powers will target many of these elections,” former NATO secretary-general and Danish prime minister Anders Fogh Rasmussen warned last week at the Munich Security conference.
Attacks could come “either by breaking into electoral systems, covertly supporting candidates or in getting toxic news in traditional and online media,” he added.