Figure of the Week: 104



On February 20th 2019, Microsoft announced that it had discovered cyberattacks against several democratic institutions, think tanks, and non-profit organisations in Europe, totalling 104 breach attempts. The hacks took place between September and December 2018, affecting institutions including the German Council on Foreign Relations and European offices of The Aspen Institute and The German Marshall Fund.

In total, 104 employee accounts in Belgium, France, Germany, Poland, Romania, and Serbia were targeted via spear phishing campaigns designed to gain access to employee credentials and deliver malware. Spear phishing is a more sophisticated form of phishing, in which hackers send emails containing malicious URLs from spoofed addresses that look legitimate to the recipient.

While the sources of the attacks are still being investigated by Microsoft’s Threat Intelligence Center, the company has stated with confidence that the majority originated from a group called Strontium – also known as APT 28 or Fancy Bear – which is believed to be associated with Russia’s military intelligence agency, the GRU. Fancy Bear is one of the groups responsible for the 2016 hacking of the US Democratic National Committee, and has also been linked to intrusions into the German Bundestag and France’s TV5 Monde. In 2018, Fancy Bear leaked emails stolen from the International Olympic Committee and anti-doping agencies following Russia’s ban from the 2018 Winter Olympics.

A Microsoft company blog post highlights the ongoing cyber threat facing Europe and emphasises that such “attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials.”

In light of these latest attacks and persistent security concerns about the upcoming European elections, Microsoft has confirmed the rollout of its free cybersecurity service AccountGuard to twelve new EU nations in order to help them close their security gaps. The company did not mince words about the severity of the threat: “The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.”

Further reading:

Combined Efforts of Fancy Bears, Russia Today and Sputnik: Hack and Accuse


Cases in the EUvsDisinfo database focus on messages in the international information space that are identified as providing a partial, distorted, or false depiction of reality and spread key pro-Kremlin messages. This does not necessarily imply, however, that a given outlet is linked to the Kremlin or editorially pro-Kremlin, or that it has intentionally sought to disinform. EUvsDisinfo publications do not represent an official EU position, as the information and opinions expressed are based on media reporting and analysis of the East Stratcom Task Force.
