Officials and investigators say a state-backed Russian group has attacked government agencies, think tanks, consultants and other organizations in the wake of last year’s massive hacking campaign.
Microsoft said in a security update on Thursday that the group, known as Nobellium, had launched the attack, specifically targeting government agencies involved in foreign policy in an effort to gather intelligence.
Microsoft said it was a “sophisticated” and large-scale measurement campaign that enabled hackers to distribute malicious software that distributed fake emails and secure data from victims.
The news comes a month after Washington imposed sanctions last year and fired Russian diplomats for election interference and other hostile activities in response to a massive attack on security software company Solarwinds.
“By piggy-backing software updates and now mass email providers, Noblelium increases the likelihood of collateral damage to espionage operations and reduces trust in the technology ecosystem.”
In one instance, emails from USAID showed “special vigilance” in which “Donald Trump published new documents on election fraud.”
– Attack continues –
The security firm Volexity, which also published research on Hackie On, said it “appears that” the attacker is having some success in targeted violations. “
John Dixon, of the security firm Denim Group, said the latest attack was inadequate to Washington’s sanctions.
Dixon said Russia’s various hacking operations, with Kremlin approval, are “all different repetitions of the same intelligence operations” and “they are doing it without fear of retaliation.”
Hackers used Oren to gain access to the network, allowing them to swipe data and install malicious codes that serve as “backdoors” that can be used to hide in the system at will.
The revelation comes as US President Joe Biden and Russian leader Vladimir Putin prepare for the first summit in Geneva next month.
rl / bgs