10,000 Microsoft customers targeted by nation-state attacks in the last year

Microsoft has tied the attacks — some of which have been successful — with a group linked with Iran (APT 33), with a group from North Korea (APT 38), as well as with two groups linked with Russia (APT 28 and APT 29).

Microsoft has notified 10,000 customers in the past year that they have been the targets of nation-state cyberattacks — some of which were successful — from Iran, North Korea, and Russia, Microsoft announced Wednesday.

“This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” Tom Burt, corporate vice president of customer security & trust at Microsoft, wrote in a blog post on the matter.

Microsoft has linked the attacks to a group tied to Iran broadly known as APT 33, to a group from North Korea known as APT 38, and to two groups linked with Russia, APT 28 and APT 29, which Microsoft dubs Strontium and Yttrium respectively. APT 28 was behind the intrusions at the Democratic National Committee.

Some of the attacks observed appear to be related to U.S. politics and the democratic process, but many were not, according to Microsoft’s Threat Intelligence Center.


The announcement comes in conjunction with the debut at the Aspen Security Forum this week of Microsoft’s ElectionGuard technology, an open-source software development kit meant to make election voting more secure. It is intended to allow voting officials, reporters, or any third party to verify that votes have been tallied correctly.

“The world’s democracies remain under attack as new data we are sharing today makes clear,” Burt said.

Last year there were nearly 800 cyberattacks from nation-states against political organizations, 95 percent of which were located in the U.S., Burt said. Some of these political attacks have targeted non-governmental organizations that work with candidates or political parties, which aligns with a trend in the buildup to previous elections in Europe and the U.S. alike, indicating attacks against campaigns and election systems may be ahead.

“A spike in attacks on NGOs and think tanks that work closely with candidates and political parties, or work on issues central to their campaigns, serve as a precursor to direct attacks on campaigns and election systems themselves,” Burt said. “As we head into the 2020 elections … we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns.”

A senior intelligence official told reporters late last month that the intelligence community continues to track Iran, Russia, and China for their efforts to influence the U.S. political process, but noted that as of yet, no intrusions have been observed this cycle related to voting machines.


“We currently … from intelligence sources have no indication that any foreign adversary has disrupted or corrupted elements of the election infrastructure such as voting machines or vote tally systems that are preparing for the 2020 general elections,” the senior intelligence official said in a briefing with reporters.

ElectionGuard is slated to be available through GitHub later this summer. Smartmatic and Clear Ballot are partnering with Microsoft on the technology moving forward, and Dominion Voting Systems is “actively exploring the inclusion of ElectionGuard in their offerings,” Burt noted.
