Political priorities: Microsoft’s attribution of some of these attacks to Fancy Bear and the Lazarus Group is significant. Both groups are favorites of their governments, which regularly deploy them to steal information or disrupt operations in ways that benefit their foreign policy goals.
Fancy Bear was one of two Moscow-backed groups to breach the Democratic National Committee in 2016. It has also hacked the German parliament, the White House, NATO and the International Olympic Committee.
The Lazarus Group earned infamy for hacking Sony Pictures Entertainment in 2014 in apparent retaliation for a film that mocked North Korean leader Kim Jong-un. In 2017, it unleashed the WannaCry ransomware that struck hundreds of thousands of companies around the world. It has also frequently penetrated and wiped the computer networks of South Korean companies and government organizations.
Give cyber peace a chance: Microsoft used its announcement to argue for a global prohibition against cyberattacks on critical infrastructure such as healthcare systems. On Friday, Microsoft President Brad Smith will deliver this message in a speech at the Paris Peace Forum.
“Microsoft is calling on the world’s leaders to affirm that international law protects healthcare facilities and to take action to enforce these laws,” Burt wrote. “We believe these laws should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate — or even facilitate — within their borders.”