Microsoft warned 10,000 targets of nation-state hackers in one year

Microsoft has revealed it notified nearly 10,000 of its users in the past year they were targeted or compromised by state-backed hackers, primarily from Iran, North Korea and Russia. 

The new figures on Microsoft’s warnings to those targeted were revealed alongside a new system it calls ElectionGuard that was shown for the first time running on a voting system, which it claims can provide secure and verifiable voting. 

The data about nation-state cyber attacks is meant to demonstrate why new technology like ElectionGuard and its free AccountGuard service is needed to protect democracies. 

Microsoft says that 84 percent of the state-backed attacks targeted its enterprise customers, with the remaining 16 percent affecting consumer personal email accounts. 

“While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” said Tom Burt, corporate vice president of Microsoft’s Customer Security and Trust unit. 

Burt said the “majority” of the attacks it notified victims of originated from Iran, North Korea and Russia.   

The company is expecting cyberattacks targeting political organizations like think tanks and political candidates to ramp up ahead of the 2020 US mid-term presidential elections. 

The groups behind the attacks it’s witnessed over the past year are a list of the who’s who of state backed hackers, including Strontium, aka APT28 or the Fancy Bear hacking group, some of whose members have been charged in the US with hacking the World Anti-Doping Agency and European organizations investigating Russia’s use of chemical weapons. 

There’s also Holmium and Mercury hailing from Iran, with the former group thought to be responsible for using the Shamoon malware to steal and delete data from Saudi transport operators. It also singled out a group called Thallium from North Korea. 

Microsoft revealed some new figures about notifications it’s provided to political organizations who’ve taken up its free AccountGuard service, which launched last August and is now available to 26 countries, including Australia as of February. The service is available to organizations that use Office365. 

So far it’s issued 781 notifications to AccountGuard organizations warning them of nation-state attacks. 

“This data shows that democracy-focused organizations in the United States should be particularly concerned as 95% of these attacks have targeted U.S.-based organizations. By nature, these organizations are critical to society but have fewer resources to protect against cyberattacks than large enterprises,” said Burt 

In February Microsoft flagged cyber attacks against democratic institutions, think tanks and non-profit organizations in Europe that targeted 104 employee accounts in Belgium, France, Germany, Poland, Romania, and Serbia. The attacks occurred during the lead up to Europe’s May 2019 elections.  

Microsoft intends to release its software development kit (SDK) for its open-source ElectionGuard software on GHitHub this Northern hemisphere summer. The company does not intend to release election devices but will be working with voting technology vendors.