“About 84% of these attacks targeted our enterprise customers, and about 16% targeted consumer personal email accounts,” says Microsoft Corporate Vice President for Customer Security & Trust, Tom Burt. Hacking groups from Iran, North Korea, and Russia were behind the vast majority of nation-state attacks against Microsoft customers over the past year, with the most notable activity coming from threat actors such as “Holmium” and “Mercury” operating from Iran, “Thallium” operating from North Korea, and two actors operating from Russia called “Yttrium” and “Strontium.”
Microsoft has added the data its Threat Intelligence Center collected while analyzing these attacks to its own security products, which help the company protect its customers from future advanced persistent threat (APT) group operations targeting its user base. Microsoft also issued 781 notifications to organizations that are part of its free AccountGuard service after unearthing a number of attacks coordinated by APT groups and targeting entities fundamental to democracy, such as political parties and campaigns, as well as democracy-focused think tanks and nongovernmental organizations (NGOs), from 26 countries across four continents.
While monitoring nation-state-backed cyber-espionage campaigns, Microsoft detected attacks targeting the 2016 U.S. presidential election and the last French presidential election, and U.S. senatorial candidates also came under attack in 2018 from the Russian-backed Strontium hacking group (aka Fancy Bear or APT28). A number of other cyber-espionage campaigns targeting European democratic institutions were also detected by Redmond’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) between September and December 2018, with employees of the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund among the individuals targeted in these attacks.
“As we head into the 2020 elections, given both the broad reliance on cyberattacks by nation-states and the use of cyberattacks to specifically target democratic processes, we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns,” added Burt.