Posted on July 18, 2019 at 10:54 AM
The tech giant Microsoft has just issued another warning about nation-backed hackers, stating that the company has already notified more than 10,000 of its users of the threat in the past year. In his post, the company’s Corporate Vice President of Customer Security & Trust, Tom Burt, stated that the majority of the attacks (around 84%) are targeting large organizations and corporations. As for the remaining 16%, Burt claims that they are mostly targeting consumers in email-based phishing attacks.
Microsoft warns corporations and politicians: Hackers are still a threat
Hacking attacks have been growing in recent years. Their growth can be seen in number, strength, and severity, and despite the fact that Microsoft has warned potential targets, some of the 10,000 that were notified still got hacked anyway. Burt also mentioned that some of them were only targeted, with the attacks either repelled or yet to come, although he did not mention any specific figures or names.
He also believes that these figures confirm the fact that nation-states still rely heavily on hacking attacks for gathering intelligence and influencing geopolitics, among other goals. It was noted that US citizens involved in the democratic processes are particularly heavily targeted by foreign government-backed hackers, especially in 2018.
Microsoft made over 740 notifications to the country’s campaigns and political parties last year. The company believes that the majority of the attacks are coming from countries such as North Korea, Russia, Iran, and the like. In fact, Microsoft even managed to narrow down the attacks to five specific groups, allegedly sponsored by these countries. One such group was named Holmium by Microsoft itself, while the security company FireEye calls another APT33.
FireEye has kept a close eye on hacking activities for a long time now, and they believe that this particular group targets US-based organizations, but also those in South Korea and Saudi Arabia. More often than not, targets are closely connected to commercial aviation, petrochemical-focused energy, and the military.
Fancy Bear once again springs into action
Another of the five groups is identified as the Russia-based Strontium, better known as Fancy Bear and APT28. This is a decade-old hacking group that has been active since at least 2008. Researchers also believe that the group is closely connected to Russia’s military intelligence service, GRU. Furthermore, Fancy Bear was one of the two groups that were responsible for hacking the Democratic National Committee three years ago, just before the 2016 US presidential election.
Of course, the group is believed to be responsible for numerous other incidents, including the security breaches at the World Anti-Doping Agency, France’s TV5Monde, and Germany’s Bundestag, to name a few. Other major groups were identified as North Korea’s Thallium, Iran’s Mercury, and another Russian hacking group, Yttrium, which was caught targeting non-government organizations in the US, as well as the country’s think tanks.
It is not uncommon for hackers to go for think tanks, as they are typically much easier to hack than other government-related entities which might be strong sources of information. Many in the think tanks have a connection to the government, including former employees, as well as those who occasionally work on governmental projects. Given the approaching 2020 elections and the hackers’ past behavior and targets, Burt believes that it is rather clear what can be expected in the near future.
After all, countries such as Russia attempted to interfere with the US elections in the past as well, with the string of incidents in 2016 being the prime example. This is why it is crucial to improve voting systems and secure them as best as possible. Even that might not be enough, but it is clear that hackers are only getting stronger and more determined, so researchers must do the same.