The group behind Solarwinds Cybertack, which was identified late last year, is now targeting government agencies, think tanks, consultants and NGOs, Microsoft said on Thursday.
Nobellium, originating from Russia, is the same actor behind the attack SolarWinds Customers in 2020, according to Microsoft.
“This wave of attacks has targeted nearly 3,000 email accounts in more than 1,150 different organizations,” Microsoft said.
Organizations in the United States have received the most share of the attacks, while targeted victims have come from at least 224 countries, Microsoft said.
At least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights work, Microsoft said in a blog post.
Noblelium launched this week’s attack by breaking the email marketing account used by the United States Agency for International Development (USAID) and launching phishing attacks on several other organizations from there, Microsoft said.
Hack information technology company SolarWinds Identified in December, Provided access to thousands of companies and government offices that used its products. Microsoft President Brad Smith The attack was described as “the largest and most sophisticated attack ever seen in the world.”
Earlier this month, Russia’s spy chief denied responsibility for the Solarwinds cybertack, but said he was flattered by accusations from the United States and Britain that Russia was behind the sophisticated hack.
The United States and Britain have blamed Russia’s foreign intelligence service (SVR) for the successor to the KGB’s foreign intelligence service, which has struck deals with nine US federal agencies and hundreds of private companies.
The attacks, launched by Microsoft on Thursday, appear to be part of a larger effort to target government agencies involved in foreign policy as part of an effort to gather spies.
The company said it was in the process of informing all of its target customers and that “there is no reason to believe” that these attacks would involve any exploitation or risk to Microsoft’s products or services.
Thomson Reuters 2021