Microsoft this morning said it had discovered another Russian cyber operation targeting think tanks critical of Moscow. The institutions Redmond says were hit include the German Council on Foreign Relations, European branches of the Aspen Institute, and the German Marshall Fund, so there's a clear Atlanticist flavor to the target list. The method of attack was spearphishing; the spearphisher is said to have been Fancy Bear, that is, Russia's GRU military intelligence service.
Fancy Bear's goal appears to be influencing European elections, both upcoming national elections and the EU elections scheduled for May. Microsoft notes that its findings would seem to confirm alarms raised in many European governments. Ukraine has been particularly explicit in its concerns. That country's National Security and Defense Council announced yesterday that it will undertake joint cyber defense exercises with EU partners in the near future. The announcement was accompanied by charges that Russian hacking and influence operations have risen unabated as Ukraine's March 31st presidential election approaches.
Moscow may sometimes be a victim, too: Check Point says it's detected signs that North Korea's Lazarus Group is turning its attentions to Russia.
A decryptor is now available for GandCrab ransomware's version 5.1, BleepingComputer reports. The fix, by Bitdefender, Romanian Police, Europol, and other law enforcement partners, is also effective against some earlier versions. There are, however, already signs that GandCrab version 5.2 is beginning to circulate in the wild.
An exchange of letters between Citizen Lab and Novalpina outline the suspicions that persist around NSO Group.