Hong Kong/London (CNN Business)The hackers behind one of the worst data breaches ever to hit the US government have launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft.
The group, which Microsoft calls “Nobelium,” targeted 3,000 email accounts at various organizations this week — most of which were in the United States, the company said in a blog post Thursday.
It believes the hackers are part of the same Russian group behind last year’s devastating attack on SolarWinds — a software vendor — that targeted at least nine US federal agencies and 100 companies.
Cybersecurity has been a major focus for the US government following the revelations that hackers had put malicious code into a tool published by SolarWinds. A ransomware attack that shut down one of America’s most important pieces of energy infrastructure — the Colonial Pipeline — earlier this month has only heightened the sense of alarm. That attack was carried out by a criminal group originating in Russia, according to the FBI.
Microsoft (MSFT) said that at least a quarter of the targets of this week’s attacks were involved in international development, humanitarian, and human rights work, across at least 24 countries. It said Nobelium launched the attack by gaining access to a Constant Contact email marketing account used by the US Agency for International Development (USAID).
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” the company said.
According to Microsoft, the latest campaign began in late January and was discovered in February. The hackers honed their techniques throughout March, April and early May before “significantly” escalating their attacks on May 25, when they used Constant Contact to “target around 3,000 individual accounts across more than 150 organizations.” The hackers custom-tailored their attacks to each target, in an apparent effort to reduce the chances of being detected.
USAID acting spokesperson Pooja Jhunjhunwala said Friday that the agency was aware of “potentially malicious email activity” from a compromised Constant Contact marketing account. A forensic investigation into the incident is ongoing, added Jhunjhunwala.
The White House’s National Security Council and the US Cybersecurity and Infrastructure Security Agency (CISA) are both aware of the incident, according to spokespeople. CISA is “working with the FBI and USAID to better understand the extent of the compromise and assist potential victims,” a spokesperson said.
By gaining access to USAID’s account, the hackers were able to send out phishing emails that Microsoft said “looked authentic but included a link that, when clicked, inserted a malicious file” that allowed the hackers to access computers through a backdoor.
“This backdoor could enable a wide range of activities from st
Microsoft says SolarWinds hackers have struck again at the US and other countries
Go To The SourceRead More