Posted on May 28, 2021 at 7:07 PM
Microsoft Uncovers New Hacking Campaign On Agencies By SolarWinds Hackers
Microsoft has revealed that hackers believed to have links with the Russian government attacked government agencies and human rights groups.
In a blog post, Tom Burt, Microsoft’s Vice President, disclosed the hacking incident, saying that it targeted about 3,000 email addresses in 24 different countries. He also pointed out that over 150 organizations involved in humanitarian work and international development were targeted as well.
Campaign Linked to SolarWinds Hackers
Microsoft revealed in a different blog post that the hacking campaign is still ongoing and is carried out through several waves of spear-phishing campaigns. The campaign was first uncovered in January but escalated to thousands of email addresses this week.
This comes a few weeks after the ransomware attack on Colonial Pipeline, which shut down the largest fuel pipeline network in the country for several days.
It’s not the first time a hacking campaign has targeted major US organizations. Another notable incident was the SolarWinds hacking incident that started in March last year. In that hack, malicious code was slipped into updates to the Orion software, enabling elite hackers to access organizations’ networks.
The campaign also impacted no fewer than 9 US government agencies, according to the report. The threat actors executed their campaign throughout last year before they were uncovered by the FireEye security firm in December.
But this new hacking campaign is easy to detect, according to cybersecurity researchers. Microsoft also described the distribution methods used in the two attacks. While SolarWinds concentrated on the supply chain of the software updates of a technology provider, the new campaign piggybacked on a mass email provider.
Microsoft said the similarity between the SolarWinds attack and the recent attack is that both undermined trust in the technology ecosystem.
Hacking Incidents Likely to Be Discussed in Geneva
Microsoft President Brad Smith has called the SolarWinds attack the most complex and largest attack on companies the world has ever seen. It was blamed on state actors, especially Russians. However, Russia’s spy chief recently denied the accusation, stating that he was “flattered” by the accusations of Russian intelligence involvement in an attack of such magnitude.
The latest cyber attack was discovered barely a few weeks before US President Joe Biden is supposed to attend the Geneva Summit, with Russia’s President Vladimir Putin in attendance. Biden is expected to address a list of issues with the Russian president, and this incident may be added to that list.
More Sanctions against Russia?
Last month, Biden announced new sanctions on Russia and expelled the country’s diplomats in response to the SolarWinds hack.
Microsoft did not provide any further details about the Nobelium breach or whether it was successful. But it stated that the campaign involves delivering phishing emails that are disguised as genuine ones but actually deliver harmful files.
The attack seemingly targeted U.S. and international agencies, consultancies, and think tanks that have expressed disdain for Russia’s treatment of democracy activists.
Cybersecurity firm Volexity, which has also been tracking the campaign, stated that the phishing emails have relatively low detection rates. The firm revealed that the threat actors may have had some level of success in breaching targets.
Microsoft highlighted one of the phishing attacks, an email that seems to come from the United States Agency for International Development (USAID), an independent agency.
USAID wasn’t available for comment about the breach. The US Cybersecurity and Infrastructure Security Agency (CISA) was also contacted but could not be reached.
The U.S. has recently been battling an increased spate of cyberattacks on its private sector and critical infrastructure. The increased nation-state attacks have drawn concerns from different quarters, with some pushing for more sanctions on Russia, which is believed to be behind the major attacks.
Burt stated that the new campaign seems to be a continuation of the intelligence-gathering efforts of the Russian government. He added that the hackers generally target organizations involved in foreign policy, but their motive is not known.