Microsoft says there have again been several cyberattacks targeting US government agencies, think tanks, consultants, and businesses. The attacks, which came from Russia, targeted at least 3,000 email accounts at more than 150 companies.
In a blog post, the company writes that this week it again observed cyberattacks from Nobelium, the Russian party responsible for the SolarWinds hack at the end of last year and for various malware types used in the hack. The new attacks are aimed at more than 150 companies from 24 countries, in particular at companies active in international development, human rights and development aid.
According to Microsoft, Nobelium this week gained access to a Constant Contact account belonging to the government agency USAID, which is responsible for development cooperation initiatives involving the US government. Constant Contact is a service for automating email marketing. Through that account, the hackers were able to send phishing emails that allowed them to get a back door into affected systems.
Microsoft writes that a large proportion of the phishing emails are automatically blocked or marked as spam. But it does not rule out that the emails got through in some cases, especially since the emails appeared to be from USAID. According to Microsoft, these are targeted spear-phishing emails with an HTML file as an attachment, which, when clicked, gives access to a victim’s system. The attack is very similar to previous Nobelium attacks, according to Microsoft.
Microsoft says Windows Defender now automatically blocks malware used in this attack. It also warns customers affected by the hack. It is still unknown exactly which companies and organizations were affected and which data was stolen.
The SolarWinds hack, which Microsoft says comes from the same group, was previously attributed by the US to the Russian state. Among other things, the US expelled ten Russian diplomats from the country for the hack. The SolarWinds hack affected at least 100 companies and nine government agencies, the US government says. The New York Times estimated that at least 250 businesses and government agencies have been affected. The hack came to light in December last year.