socialcontentclub

Hackers behind SolarWinds attack again target 150 companies, Microsoft warns

Meta description: On Thursday, the Russian group behind the SolarWinds hack launched a new campaign aimed at government agencies, think tanks and NGOs. According to Microsoft, Nobelium launched the current attacks after gaining access to an email marketing service used by the United States Agency for International Development (USAID).


These attacks seem to be a follow-up to Nobelium's many efforts to target foreign policy government agencies as part of its intelligence efforts, said Tom Burt, Microsoft Customer Security and Confidence Vice President. According to Burt, the campaign, which Microsoft described as a current incident, targeted 3,000 email accounts across 150 companies, the majority of which were based in the United States. However, the targets are spread across at least 24 countries. At least a quarter of the groups targeted are said to work in areas such as international development and human rights.


The operation entailed sending phishing emails that appeared to be legitimate, but were actually intended to deliver harmful files.


The Associated Press reported that cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, wrote in a blog post that the phishing emails' relatively low detection rates suggest the attacker was "likely having some success in breaching targets."


Microsoft did not indicate how many attempts were successful and how many were not. Many of the emails in the high-volume campaign would have been blocked by automated systems, according to the report.


Nobelium's spear-phishing attacks continue to recur, according to Microsoft's blog on Thursday. "It is expected that the organization will engage in additional action utilizing an evolving set of techniques," it stated.


Nobelium, according to Burt, gained access to USAID's account with Constant Contact, a mass-mailing service.


On Wednesday, emails purporting to be from USAID were sent, with subject lines such as "special alert" and "Donald Trump has disclosed new documents on election fraud," according to Microsoft.


According to Microsoft, when users open the link, a malicious file is installed on their system, giving Nobelium access to the affected machines.


Microsoft discovered the attempt thanks to its threat intelligence center's work tracking "nation-state actors," according to Burt. He wrote that the corporation has no reason to believe its products or services are vulnerable.


The SolarWinds attack, discovered at the turn of the year, involved hacking widely used software from the Texas-based firm and led to the infiltration of at least 9 federal agencies and dozens of companies.


"The broadest and most sophisticated attack the world has ever seen," Microsoft President Brad Smith said.

