Nation-backed hackers are targeting 10,000 Microsoft clients


Microsoft says it has reported that in the last year approximately 10,000 customers are either targeted or affected by threat groups sponsored by the state.

Tom Microsoft Corporate Vice President Customer Securities & Trust Tom Burt says that “around 90% of these attacks targeted our corporate customers and around 16% targeted consumer personal email accounts.

These figurations show that nation states rely on cyber-attacks as a means of collecting and extracting information, as well as “influencing geopolitan politics or achieving other objectives.” The vast majority of national-state attacks against Microsoft customers in the past year led to 781 reports from the AccountGuard Hacking Groups in Iran, North Korea and Russia, with the largest number of

After a series of attacks co-ordinated by APT groups targeting fundamental democratic entities, such as political parties and camps, as well as democratic think tanks and NGOs from 26 countries across the four continents, Microsoft also issued 781 notifications for organizations which form part of its free AccountGuard service.

Microsoft AccountGuard offers registered organizations with potential threats or national actor compromise notifications on O365 accounts and guidance on best practices in terms of security in order to secure digital assets appropriately.

“This data shows that the United States is particularly interested in democratic organizations as 95% of these attacks are aimed at American organizations,” adds Burt. In the course of monitoring nation-state support campaigns in the area of cyber espionage, Microsoft detected attacks against the U.S. presidential elections in 2016 and the last French presidential election with US Senators Candidates, “Those organisations are critical to society but have fewer resources to protect against cyberattacks than big businesses.”

At that time, the Digital Crimes Unit (DCU) of Microsoft was able to take control of the six threat group-controlled Fancy Bear Internet domains and thus partially interrupt operations; twelve other techniques were used to take over 84 additional APT28 domains.

Additionally, between September and December 2018, the Redmond’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) detected a number of cyber-spying campaigns targeting European democratic institutions. The staff of this attack included employees of the German Foreign Relations Council, Aspen Institut in Europe and the German Marshall Fund.

The Strontium hacking group was also responsible for this last round of Europe-centric national-state cyber-attacks targeting over 100 organization employee accounts from Belgium, France, Germany, Poland, Romania and Serbia. Strontium has been the target group.

“Attackers generate malicious URLs and spoofed email addresses which appear legitimate, in most cases consistent with campaigns against similar U.S.-based institutions, aiming at gathering credentials for employees and sending malware,” Burt said in February.

Microsoft demoted the ElectionGuard

Free Open-Source Software Development Kit (SDK), which was set up by the Defending Democracy Program of the company at the Aspen Security Forum in Aspen, Colorado.

In voting sites throughout the United States and other democratic countries around the world, Election Guard can be used to secure voting machines from tampering and to make votes more accessible and efficient.

Some of the advantages of using ElectionGuard to secure voting systems are “this will allow the end-to-end verification of elections, the results of secure validation by third-party organisations, and the voting processes to be properly counted by individual electors.” Although ElectionGuard can be used with hardware provided by a variety of manufacturers on both existing and newer voting systems.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.