Microsoft reports cyber-attacks by Russian SolarWinds hackers again

Spread the love

Microsoft says there have been several cyber attacks targeting US government agencies, think tanks, consultants and companies again. The attacks targeted at least 3,000 email accounts from more than 150 companies and originated in Russia.

In a blog post, the company writes that it has again observed cyber attacks this week from Nobelium, the Russian party believed to be responsible for the SolarWinds hack at the end of last year and for various types of malware used in the hack. The new attacks target more than 150 companies from 24 countries, mainly targeting companies active in international development, human rights and development aid.

According to Microsoft, Nobelium this week gained access to a Constant Contact account from the government agency USAID, which is responsible for development cooperation initiatives involving the US government. Constant Contact is an email marketing automation service. Through that account, hackers were able to send phishing emails with which they could get a back door into affected systems.

Microsoft writes that a large part of the phishing emails are automatically blocked or marked as spam. But it doesn’t rule out that the emails got through in some cases, especially since the emails appeared to be from USAID. According to Microsoft, these are targeted spear-phishing emails with an HTML file as an attachment, which, when clicked, gives access to a victim’s system. The attack is very similar to previous Nobelium attacks, according to Microsoft.

Microsoft says that Windows Defender now automatically blocks malware used in this attack. It also warns customers affected by the hack. It is still unknown which companies and agencies were affected and which data was stolen.

The SolarWinds hack, which according to Microsoft comes from the same group, was previously attributed by the US to the Russian state. The US has expelled ten Russian diplomats, among others, over the hack. The SolarWinds hack affected at least 100 companies and nine government agencies, the US government says. The New York Times estimated that at least 250 businesses and government agencies were affected. The hack came to light in December last year.

You might also like
Exit mobile version