WASHINGTON — For the second time in six months, Microsoft publicly announced that it detected what appeared to be Russian intelligence agents attempting to hack into think-tank organizations that have been critical of Russian President Vladimir Putin’s authoritarian regime.
The tech company revealed on Tuesday night that more than 100 of its accounts were targeted. The accounts in question belonged to European employees of three think tanks: the German Council on Foreign Relations, the Aspen Institute affiliates in Europe and the German Marshall Fund. Microsoft said the attacks took the form of spear-phishing — deceptive email messages that appear to be legitimate and dupe the recipient into revealing passwords or other sensitive data.
During the 2016 election, Russian hackers allegedly spear-phished John Podesta, Hillary Clinton’s campaign chairman, gaining access to his Gmail account. WikiLeaks later published thousands of Podesta’s private emails in the run-up to election day. A grand jury convened by Special Counsel Robert Mueller indicted 12 Russian agents in July 2018 for hacking Podesta’s email account, among other crimes.
Microsoft said it was continuing to investigate this latest wave of cyberattacks, which occurred between September and December 2018, but added it was “confident that many of them originated from a group we call Strontium.” Strontium is a name used for the hacking team also known as APT28 and Fancy Bear, which is part of Russia’s military intelligence service.
Last August, Microsoft disclosed that Russian hackers had targeted members of the U.S. Senate and two American think tanks, the Hudson Institute and the International Republican Institute. The senators and the two organizations had been critical of Russia or supportive of sanctions against Putin’s regime. At the time, Microsoft President Brad Smith said his company had used a court order to seize control of phony URLs mimicking a legitimate Microsoft product that were used by the hackers to trick their targets into giving up personal data.
Microsoft said that it had quickly alerted the targets of the spear-phishing attacks and “took a variety of technical measures to protect customers from these attacks” but did not go so far as to use a court order.
Karen Donfried, the president of the German Marshall Fund, an international, nonpartisan think tank that extensively researches and publishes on authoritarianism and foreign disinformation, said in a statement she wasn’t surprised to learn of the Russian-based attacks on the organization.
“The announcement serves as a reminder that the assault on these values is real and relentless,” Donfried said. “As Microsoft’s announcement reinforces, the risk is not just for candidates and campaigns. Organizations and individuals need to be aware and prepared that malign forces, including sophisticated state actors, seek to exploit them in the digital space.”
Microsoft also announced that it was expanding its free AccountGuard service, intended to protect against hacking efforts and other cyber-meddling, to 12 more European countries: France, Germany, Sweden, Denmark, the Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia and Spain.
The software is already available in the U.S., Canada, Ireland and the United Kingdom for candidates, political parties and campaign offices at the local and national levels, as well as think tanks, nonprofits and NGOs that work on democracy and election integrity issues.