In August 2018, six web domains operated by the Strontium group spoofing several U.S. conservative organizations were seized by Microsoft by virtue of a court order. Today, the Redmond giant announced that the same malicious group has been found perpetrating a similar form of cyber attack on Europe-based democratic groups, think tanks, and non-profit organizations.
Tom Burt, Corporate Vice President for Customer Security and Trust at Microsoft, said in a blog post that the spoofing attacks were carried out between September and December of last year against employees of the German Council on Foreign Relations, The Aspen Institutes, and The German Marshall Fund, among other targets. Microsoft's Threat Intelligence Center and Digital Crimes Unit discovered the malicious activities, which targeted a total of 104 accounts owned by individuals based in Belgium, France, Germany, Poland, Romania, and Serbia.
The attacks involved the setup of malicious URLs and phony email addresses meant to hack the targets' credentials in order to spread malware. Microsoft said it immediately alerted the target organizations to the attacks. As part of its efforts to help customers fight off spoofing, the software giant is extending its AccountGuard cyber security offering to 12 new European markets including France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain.
AccountGuard was previously introduced to the U.S., Canada, Ireland, and the U.K. markets and it mainly works to notify customers of cyber threats and help them beef up the security of their system. Microsoft vows to make the cyber security service available to other markets in Europe over the coming months. The product is designed for political organizations and campaign groups as a free offering under their Office 365 subscription.