This article was published on July 18, 2019

State-sponsored cybercriminals attacked 10,000 Microsoft customers in 2018

Story by Ravie Lakshmanan

Microsoft said on Wednesday that it had notified almost 10,000 customers in the past year that they’d been the target of state-sponsored attacks.

The Windows maker said the attacks originated from countries like Iran, North Korea, and Russia.

“This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives,” Tom Burt, corporate vice president of customer security & trust at Microsoft, wrote in a blog post.

About 84 percent of these attacks were aimed at its enterprise customers, and the remaining 16 percent — about 1,600 — targeted consumer personal email accounts.

Since launching its AccountGuard platform for protecting democratic elections last August, the company identified 781 nation-sponsored attacks targeting organizations that make use of the technology — 95 percent of which were located in the US.

Based on data compiled by the Microsoft Threat Intelligence Center, Burt said they have seen extensive activity from the actors Holmium (APT33) and Mercury operating from Iran, Thallium (APT38) operating from North Korea, and two actors operating from Russia called Strontium (APT28 aka Fancy Bear) and Yttrium (APT29).

The cyber espionage group Strontium in particular has been notorious for its involvement in the 2016 hacks of the Democratic National Committee and the NotPetya attacks against Ukrainian banks and infrastructure in June 2017.

According to cybersecurity firm CrowdStrike, the collective has operated since 2008 and is believed to be working for the GRU, Russia’s military intelligence service.

To safeguard against such foreign interference in democratic processes, Microsoft said it will begin rolling out a free, open-source software product called ElectionGuard, which it said uses encryption to “enable a new era of secure, verifiable voting.”

The company is working with election machine vendors and local governments to deploy the system in a pilot program for the upcoming 2020 US election.

The system uses a tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with. This verification feature will be enabled by homomorphic encryption, Burt noted, adding it will be available through GitHub as a software development kit (SDK) later this summer.

ElectionGuard and similar tools offered by other tech companies are needed more than ever as the world’s democracies remain under attack, Burt said. “Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy.”
