Kansas City, Missouri 2021-05-28 10:56:27 –
Redmond, WA — The same Russian group behind the SolarWinds hacking campaign launched another wave of attacks this week against government agencies, think tanks, consultants, and non-governmental organizations, Microsoft announced.
Tom Burt, vice president of customer security and trust at the technology company, said in a blog post on Thursday that the threat actor Nobelium targeted approximately 3,000 email accounts at more than 150 organizations in at least 24 countries, most of which are in the United States.
Burt said at least a quarter of the targeted organizations were involved in international development, humanitarian assistance and human rights activities.
“These attacks appear to be a continuation of several efforts by Nobelium to target government agencies involved in foreign policy as part of its intelligence gathering efforts,” Burt wrote.
Mr. Burt said Nobelium launched this week’s attack by gaining access to the “Constant Contact” account of the United States Agency for International Development (USAID). This service is used for email marketing.
From there, the group was able to distribute a phishing email that looked real but contained a link.
“This backdoor has the potential to enable a wide range of activities, from data theft to infecting other computers on the network,” Burt wrote.
According to Burt, many attacks targeting Microsoft customers are automatically blocked, and Windows Defender is blocking the malware involved in the attacks. Microsoft is working to notify targeted customers.
Burt said there was no reason to believe that the attack involved exploits or vulnerabilities in Microsoft products and services.
Microsoft states that the attack is noteworthy for three reasons.
First, it’s clear that accessing a trusted technology provider to infect customers is part of Nobelium’s strategy. Second, the activities of groups and similar actors tend to track issues of concern to the countries in which they operate. And third, nation-state cyberattacks are not slowing down.