As Europe prepares to vote, Microsoft warns of Fancy Bear attacks on democratic think tanks

Europeans go to the polls in May, and Microsoft is warning that not enough democratic organizations are protected from hackers.
EU sanctions
European Union flags in front of the European Parliament in Brussels. (Getty Images)

Three months before parliamentary elections in Europe, Microsoft says it has detected hacking attempts on democracy-focused think tanks from the Russian hacking group that breached the Democratic National Committee in 2016.

From September to December 2018, hackers conducted cyberattacks on employees of the Aspen Institutes in Europe, the German Council on Foreign Relations, and the German Marshall Fund, Microsoft said late Tuesday. Microsoft said it was “confident” the hacking group it calls Strontium, more commonly known as Fancy Bear or APT28, was responsible for many of the attacks. Western officials have attributed the group to Russia’s military intelligence directorate.

The malicious cyber-activity concentrated on 104 accounts of think tank employees based in Belgium, France, Germany, Poland, Romania, and Serbia. Two of the affected organizations contacted by CyberScoop indicated the hacking attempts were unsuccessful.

Andrew Kolb, a German Marshall Fund spokesman, told CyberScoop that there was no evidence his organization’s systems were compromised. Tyson Barker, a program director at Aspen Institute Germany, said the attempted hacking was unsuccessful. Eva-Maria McCormack, a spokeswoman for the German Council on Foreign Relations, confirmed the council was targeted, but declined to comment further, citing an ongoing investigation.


In a statement, the Aspen Institute Germany called the cyberattacks a “wake-up call” as democratic think tanks and organizations are “core to thriving, dynamic democracies.”

Burt said Microsoft “quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems.”

European Union citizens go to the polls in May for what could be momentous parliamentary elections. Former NATO Secretary-General Anders Fogh Rasmussen said last week he believed Russia would make a “major” effort to disrupt the elections. With warnings like that in mind, Microsoft said Tuesday it would offer its cyberthreat detection product known as AccountGuard in twelve new European countries, including Estonia, France, and Germany, all which have reportedly been the target of Kremlin-backed hacking operations.

There are also several national elections in Europe this year, including Ukraine, which is not an EU member but has often borne the brunt of Russia’s digital incursions.

Since the 2016 U.S. election, in which Fancy Bear and other Russian hackers interfered with a devastating hack-and-leak operation, Microsoft has been a weathervane for Russian attempts to disrupt Western democratic organizations. Last July, the tech giant revealed the first known Russian hacking attempt against candidates in the U.S. midterm elections. A month later, Microsoft said Fancy Bear had been spoofing the websites of the U.S. Senate and conservative think tanks.


“Many organizations essential to democracy do not have the resources or expertise to defend themselves against cyberattacks,” Microsoft warned Tuesday.

Despite the technical evidence documenting Russian hacking activities, the Russian government has dismissed the hacking allegations as politically motivated.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts