Breitbart Microsoft says that SolarWinds hackers, who committed one of the worst cyberattacks to have hit the U.S. government, have struck again with a new global attack targeting more than 150 government agencies, think tanks, and other organizations.
The hackers, who Microsoft call âNobelium,â have targeted approximately 3,000 email accounts at more than 150 different entities in at least 24 countries, with most of the cyberattacks being in the United States, Microsoft said in a blog post on Thursday.
âNobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020,â the company said. âThese attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.â
Microsoft added that at least a quarter of the attacks targeted organizations involved in international development, humanitarian, and human rights work.
The company explained that Nobelium launched the attacks this week by gaining access to the Constant Contact account of the US Agency for International Development (USAID), and then sent âphishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone.â
âThis backdoor could enable a wide range of activities from stealing data to infecting other computers on a network,â Microsoft said.
Microsoft added that it is in the process of notifying all of its customers who have been targeted, but noted that many of the attacks âwere blocked automatically.â
âWe detected this attack and identified victims through the ongoing work of the MSTIC team in tracking nation-state actors,â the company explained. âWe have no reason to believe these attacks involve any exploit against or vulnerability in Microsoftâs products or services.â
Microsoft added, however, that the attacks are notable for three reasons:
âFirst, when coupled with the attack on SolarWinds, itâs clear that part of Nobeliumâs playbook is to gain access to trusted technology providers and infect their customers,â the company said, adding that the hackers increase the chances of collateral damage in espionage operations by piggybacking on software updates, and now, mass email providers.
Second, hackersâ cyberattacks appear to follow issues of concern to the country from which they are operating.
âThis time Nobelium targeted many humanitarian and human rights organizations,â Microsoft pointed out. âAt the height of the Covid-19 pandemic, Russian actor Strontium targeted healthcare organizations involved in vaccines.â
Third, the company said that nation-state cyberattacks arenât slowing down.
âWe need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules,â Microsoft said. âWe need to do more.â
Earlier this month, a cyberattack forced a shutdown of a major U.S. pipeline operator, Colonial Pipeline. The hacker group behind the pipeline ransomware attack, received a total of $90 million in Bitcoin ransom payments from 47 victims over the past nine months.
That attack was carried out by a Russian-speaking criminal gang known as DarkSide, according to the FBI.
