Fancy Bear Strikes More Think Tanks

News  |  Feb 20, 2019

Microsoft says Fancy Bear, the cyber intruders who used spear phishing to break into the Democratic National Committee in April 2016, recently targeted European employees of think tanks known to be critical of Russia. 

The Washington Post

The “spear-phishing” attacks — in which hackers send out phony emails intended to trick people into visiting websites that look authentic but in fact enable them to infiltrate their victims’ corporate computer systems — were tied to the APT28 hacking group, a unit of Russian military intelligence that interfered in the 2016 U.S. election. The group targeted more than 100 European employees of the German Marshall Fund, the Aspen Institute Germany, and the German Council on Foreign Relations, influential groups that focus on transatlantic policy issues.

The attacks, which took place during the last three months of 2018, come ahead of European parliamentary elections in May. They highlight a continuously aggressive campaign by Russian operatives to undermine democratic institutions in countries they see as adversaries.

(...)

Shortly before the U.S. midterm elections, Microsoft disabled spear-phishing efforts aimed at prominent conservative organizations and the U.S. Senate. APT28 created phony websites impersonating the groups, as well as people’s colleagues and Microsoft’s own properties.

In January, Microsoft revealed Fancy Bear went after the Center for Strategic and International Studies in Washington, DC.

The Washington Post

“The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations,” the company said in its blog post. “They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”

(...)

Andrew Kolb, communications director for the German Marshall Fund, said he was not surprised that the group was a target of Russia.

“We’ve had a program for the last roughly two years that has focused specifically on authoritarian interference online — and a lot of that has meant looking at Russia,” Kolb said. “We sort of assume we’re going to be subject to these kinds of attacks at any time.”

(...)

Microsoft also said Tuesday that it was expanding an initiative to provide enhanced cybersecurity protections free to candidates and campaign offices at the federal, state and local levels that use its Office 365 software, as well as think tanks and political organizations that the company believes are under attack.

Microsoft says it has found another Russian operation targeting prominent think tanks (WaPo)

New steps to protect Europe from continued cyber threats (Microsoft)