The hackers responsible for the SolarWinds attack that hit hundreds of companies in the United States have launched a new global cyberattack, this time against 150 government agencies and dozens of other organizations, according to computer giant Microsoft.
"This week we saw cyberattacks by the dangerous Nobelium group targeting government agencies, think tanks, consultants and non-governmental organizations," the multinational's management said Thursday in a blog post.
According to information gathered by Microsoft, the high-level hacker group that Microsoft has dubbed Nobelium this week targeted 3,000 email accounts in various organizations, most of which were in the United States.
At least a quarter of the targets of this week's attacks were involved in international development, humanitarian and human rights work, in at least 24 countries, Microsoft said.
This time, Nobelium launched its attack by accessing a Constant Contact email marketing account used by the United States Agency for International Development (USAID).
By gaining access to the USAID account, the hackers were able to send phishing emails which, Microsoft says, looked genuine but included a link that, when clicked, inserted a malicious file that allowed hackers to gain access to computers through a backdoor.
This backdoor could enable a wide range of activities from data theft to infecting other computers on a network.
"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering," Microsoft said.
USAID acting spokesperson Pooja Jhunjhunwala said on Friday that the agency was aware of the situation and confirmed potentially malicious email activity from a Constant Contact marketing account. An investigation into this incident is underway, Jhunjhunwala added.
These hackers are part of the same Russian group behind last year's devastating attack that targeted 18,000 companies, including at least 9 US federal agencies, using a software update from SolarWinds, which is used by tens of thousands of businesses and governments around the world, Microsoft investigators say.
Earlier this month, another attack, this time ransomware, shut down the Colonial Pipeline, one of the most important energy infrastructures in the United States. This attack also came from Russia, according to the FBI.
According to James Lewis, cybersecurity expert at the Center for Strategic and International Studies, interviewed by CNN, "the Russians have a campaign plan for massive attacks on American targets, which they have no interest in stopping. They are not afraid of the American response. They are testing the new administration [Biden]."
Kremlin spokesman Dmitry Peskov declined to comment on Microsoft's allegations on Friday.
"To answer your question, we must first answer the following: which groups? Why are they linked to Russia? Who attacked what? What did it lead to? What was the attack itself? And how does Microsoft know about it? If we answer all these questions, we can think about the answer," Mr. Peskov told CNN in a conference call.