In the wake of the Solar Winds hack campaign, state-backed Russian cyber spies launched targeted phishing attacks on US and foreign government agencies and think tanks this week using the US Agency for International Development’s (USAID) email marketing account. Microsoft That is to say.
The effort targeted 3,000 email accounts in more than 1,150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, said Tom Burt, vice president of Microsoft. Wrote in a blogpost on Thursday.
Microsoft identified the perpetrators of the attack as the Nobellium, a group that began in Russia and followed. Attack on Solarwinds customers in 2020.
“Nation-state cyber-attacks are not slowing down,” Burt wrote. “We need clear rules for conducting nation-state conduct in cyberspace and a clear expectation of the consequences of violating those rules.”
The attack comes a month after the United States expelled Russian diplomats and imposed sanctions on Russian officials and companies. Crack down Election interference and cyber espionage.
It was first set between US President Joe Biden and his Russian counterpart, Vladimir Putin Next month.
Microsoft did not say which side of the effort could be the successful intruder, although Burt wrote that many of the attacks targeting the company’s customers were automatically stopped.
Cybersecurity company Volexity, which also tracked the campaign but has less visibility into the email system than Microsoft, said in a post that the relatively low detection rate of phishing emails suggested the attacker had “probably some success in the breach.”
Burt said the operation was a continuation of Russian hackers’ efforts to “target government bodies involved in foreign policy as part of an intelligence gathering”. He said the targets were spread across at least 224 countries, while the US agency represented a large proportion of the victims.
The hackers gained access to USAID’s account in Content Contact, an email marketing service, Microsoft said. The May 25 authentic-looking phishing claims email intended to include new information on the 2020 election fraud claim and included links to malware that allowed hackers to “gain continued access to compromising machines.”
Microsoft said in a separate blogpost that the campaign was ongoing and that it evolved from several waves of spearfish campaigns that were first discovered in January and increased in mass mailing this week.
USAID Acting Spokesperson Pooja Jhunjhunwala told parents the agency was “aware of possible malicious e-mail activity from the contracted Constant Contact email marketing account” and a forensic investigation was underway.
USAID has “informed and is working with all appropriate federal authorities,” Jhunjhunwala said. The Department of Homeland Security also said it was investigating the hack. Constant Contact spokeswoman Kristen Andrews called the affected accounts “disabled” because they were temporarily disabled.
The last cyber-attack is after May 7th Ransomware attacks on colonial pipelines Which shut down America’s largest fuel pipeline network for several days, disrupting supplies.
The Solarwinds hack began in early March 2020 when an update to the company’s popular software, Oren, contained malicious code that bolstered the company’s interest and the government’s computer networks. That malware gave hackers remote access to the organization’s network so they could steal information.
Of Hacky campaign, Which infiltrated dozens of private sector companies and think tanks, as well as at least nine U.S. government agencies, was hit hard by cybersecurity company Firewall before it was discovered in December. In contrast, this new campaign is said by cybersecurity researchers to be noisy and easy to identify.
Microsoft used two mass distribution methods: SolarWinds Hack exploited a supply chain of software updates from trusted technology providers; This campaign piggybacked to a mass email provider. With both methods, the company said, hackers undermined trust in the technology ecosystem.
The chairman of Microsoft is Brad Smith The Solarwinds attack was first described As “the largest and most sophisticated attack ever seen in the world.”
Earlier this month, Russia’s spy chief denied responsibility for the Solarwinds attack, but said he was “flattered” by juicy foreign spies over allegations made by the United States and Britain.
US and UK Russia’s foreign intelligence service has denied the allegations in a statement issued Friday stating “Similar, baseless allegations concerning Russia’s intelligence have been made more than once, The successor to the KGB’s foreign espionage operations for the Solar Winds attack.
The Associated Press and Reuters contributed to this report