Microsoft said the hackers behind the SolarWinds cyberattack have launched a fresh campaign targeting over 150 government agencies, think tanks, and non-governmental organizations.
The Russian-based hacking group, which goes by various names including Nobelium, launched the new attack after gaining access to an email marketing service used by the US Agency for International Development (USAID), Microsoft said in a Thursday blog post.
After accessing USAID’s email marketing account, the hackers distributed phishing emails that contained a link to a malicious file that enabled data theft and infection of other computers, according to Tom Burt, Microsoft vice president of customer security and trust.
“Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt wrote in the post.
The campaign targeted some 3,000 email accounts across over 150 organizations, Burt wrote. While most of the targets were in the United States, the attack spanned at least 24 countries, he added.
Cybersecurity firm Volexity, which also tracked the attacks, wrote in a post that it believes the operation was likely launched by APT29, a so-called “advanced persistent threat” Russian hacker group believed to be associated with Russian intelligence services. The group has various nicknames, including Cozy Bear, Nobelium, and Dark Halo.
“While Volexity cannot say with certainty who is behind these attacks, it does believe it has the earmarks of a known threat actor it has dealt with on several previous occasions,” the cybersecurity firm wrote, noting a number of attack attributes used in this campaign that were consistent with previous tactics used by APT29.
“After a relatively long hiatus with no publicly detailed spear phishing activity, APT29 appears to have returned,” Volexity wrote, adding that the files used in the attack have “relatively low static detection rates,” which “suggests the attacker is likely having some success in breaching targets.”
A previous hack of information technology company SolarWinds, which was identified in December, has been attributed with a high degree of confidence to the Russian intelligence-linked APT29 group.
The United States and Britain have blamed Russia’s Foreign Intelligence Service, successor to the foreign spying operations of the KGB, for the SolarWinds hack, which compromised nine U.S. federal agencies and hundreds of private sector companies.
This month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack but said he was “flattered” by the accusations that Russian foreign intelligence was behind such a sophisticated hack.
News of the fresh wave of cyberattacks attributed to APT29 comes weeks after a May 7 ransomware attack on Colonial Pipeline shut the largest fuel pipeline network in the United States for days, disrupting supply, sending gas prices soaring, and driving panic buying at the pumps.
From The Epoch Times