Picture: ISTOCK
Picture: ISTOCK

Frankfurt am Main — Tech company Microsoft says it has detected hacker attacks ahead of European Parliament and national elections in the EU, in a warning to civil society groups, politicians and campaigns.

The company said a group it calls Strontium, known to security firms and government agencies as Fancy Bear or APT28 and widely believed to be linked to Russian intelligence, is behind the attacks.

“At Microsoft, we’ve seen recent activity targeting democratic institutions in Europe,” security chief Tom Burt wrote in a blog post. “Attacks are not limited to campaigns themselves but often extend to think tanks and nonprofit organisations working on topics related to democracy, electoral integrity and public policy and that are often in contact with government officials,” he said.

Among others, Microsoft found the hackers targeted 104 employee accounts from well-known groups the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund in 2018 from September to December.

The hackers deployed so-called “spearphishing” tactics — using targeted fake e-mails or websites to try harvest workers’ credentials and gain access to computer systems. mong the targets were employees based in EU members Belgium, France, Germany, Poland and Romania as well as non-member Serbia.

“Organisations and individuals need to be aware and prepared that malign forces, including sophisticated state actors, seek to exploit them in the digital space,” German Marshall Fund president Karen Donfried said in a blog post.

“It is more important than ever that we be vigilant to protect our democracies from foreign interference, including online.”

The continent faces a string of votes in the next months, including European Parliament elections in May, parliamentary polls in Estonia, Finland and Belgium and presidential ballots in Slovakia, Ukraine and Lithuania.

“It is highly likely that foreign powers will target many of these elections,” former Nato secretary-general and Danish Prime Minister Anders Fogh Rasmussen warned last week at the Munich Security conference

Attacks could come “either by breaking into electoral systems, covertly supporting candidates or in getting toxic news in traditional and online media”, he said.

Former US vice-president Joe Biden backed Rasmussen in warning of “cyber attacks, dark money influence operations and disinformation” used by “Russian but also other actors”.