Microsoft accused Fancy Bear of cyber attacks on civil liberties groups in Europe. The company announced this on its blog in the announcement of the expansion of Microsoft AccountGuard in Europe.
The company did not mention Russia, but the announcement is a shared text of Politico in which Russia is accused of interfering in the elections in Europe. The aim of the attacks is several organizations: the German Council on Foreign Relations, the Aspen Institute in Europe and the German Marshall Fund. Only in these three organizations, the company has found 104 profiles that have been attacked and employees are in several countries. Employees of these think tanks and targeted NGOs have been found in Belgium, France, Germany, Poland, Romania, and Serbia.
Microsoft blamed the Strontium group for the attacks. This group is probably also known as "Fancy Bear". Many security experts link this group with the Russian authorities. Hackers from this group are suspected of multiple attacks, and probably become best known after the release of the Democratic Party's data in the United States and allegations of interference in the US election.
The group is extremely skillful. In the ranking of security experts, CrowdStrike Russian state hackers are far ahead of the rest. The company estimates that "bears" need less than 18 minutes to start spreading as soon as they succeed in compromising one entry point. North Korea's hackers are second in second place, which are 7 times slower and their average time is 2 hours and 20 minutes, according to Security Week.