A spearphishing campaign that targeted nonprofit groups and think tanks in Washington, D.C., drew Microsoft’s attention because it had “characteristics of previously observed nation-state attacks,” the tech giant said Monday. Because of the people being targeted and the specifics of the spearphishing messages, “Microsoft took the step of notifying thousands of individual recipients in hundreds of targeted organizations,” the company explained in a blog post that shared the technical specifics of the attack. Cyber firm FireEye first publicized the campaign last month, and MC and Reuters subsequently added details.
“Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries,” Microsoft’s research and threat intelligence teams said in the blog post. The company acknowledged that other firms had attributed the campaign to APT 29, the Russian intelligence service also known as Cozy Bear, but it said it “does not yet believe that enough evidence exists to attribute this campaign” to that group.
Think tanks are a major target of foreign governments, with many of them facing cyber attacks on a daily basis.