Microsoft: SolarWinds hackers have struck again at the US and other countries
CNN – The SolarWinds hackers, who are behind one of the worst data breaches ever to strike the US government, have launched a new attack against more than 150 government agencies, think tanks and other organizations, according to Microsoft.
The group, which Microsoft calls “Nobelium,” targeted 3,000 email accounts at various organizations this week — most of which were in the United States, the company said in a blog post Thursday.
These hackers are part of the same Russian group believed to be behind the 2020 attack on software vendor SolarWinds, which targeted at least nine US federal agencies and 100 companies.
The US government has been focusing more heavily on cybersecurity following revelations that hackers put malicious code into a tool published by SolarWinds. A ransomware attack that shut down one of America’s most important pieces of energy infrastructure — the Colonial Pipeline — earlier this month has only heightened the sense of alarm. That attack was carried out by a criminal group originating in Russia, according to the FBI.
According to Microsoft, at least a fourth of the targets in this week’s attacks were involved in international development, humanitarian, and human rights work, across at least 24 countries. The hackers allegedly gained access to a Constant Contact email marketing account used by the US Agency for International Development (USAID).
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” the company said.
The US Department of Homeland Security and the US State Department did not immediately respond to requests for comment from CNN Business.
The hackers then sent phishing emails that Microsoft said “looked authentic but included a link that, when clicked, inserted a malicious file” that allowed the hackers to access computers through a backdoor.
“This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network,” Microsoft said.
The hackers dressed up the phony email to look as though it originated from USAID, including an authentic user address. The email posed as a “special alert” that invited recipients to click on a link to “view documents” from former President Donald Trump on election fraud, CNN reported.
Many of the attacks were blocked automatically, Microsoft said. The company is notifying customers who were targeted, and said it has “no reason to believe these attacks involve any exploit against or vulnerability in Microsoft’s products or services.”
US intelligence and law enforcement agencies at the time of the SolarWinds hack said the group responsible “likely originated in Russia,” adding that the attack was believed to be an act of espionage, CNN reported.
“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” Microsoft said, comparing the two attacks.
“By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem,” the company said.
© 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.