Microsoft: Hacker continued cyber attacks against European organizations

ICS Attack Framework “TRITON”

Microsoft wrote on the blog today that hackers have targeted their intrusions to “extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials“. Microsoft said that it has detected hackers to attack “democratic institutions in Europe.” Most of these attacks occurred between September and December 2018, mainly through malicious websites and seemingly forged email addresses, designed to steal the credentials of their employees and spread malware.

ICS Attack Framework “TRITON”

Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust, said in a blog post:

“The attacks against these organizations, which we’re disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia.”

Microsoft said that although these sources of attack are still being investigated, Microsoft is “confident that many of them originated from a group we call Strontium.” The organization has another nickname Fancy Bear and APT28, there is a certain allegedly associated with Russia. Prior to the 2016 US presidential election, this hacker group was suspected of attacking the Democratic National Committee and other American political groups.