On Thursday, Microsoft said in a blog post that a hacking group called Nobelium attacked more than 150 organizations worldwide last week, including government agencies, think tanks, consulting firms and nongovernmental organizations.
Microsoft said the hackers sent phishing emails (messages crafted to appear to come from a trusted sender) to more than 3,000 email accounts, aiming to lure recipients into handing over sensitive information or downloading malicious software.
Tom Burt, Microsoft’s vice president for customer security and trust, said at least 25 percent of the organizations seen as targets of the attacks were involved in international development, humanitarian and human rights work.
According to Burt, “These attacks appear to be a continuation of multiple campaigns launched by Nobelium against government agencies involved in foreign policy as part of an intelligence gathering effort.”
For its part, Microsoft said that organizations in at least 24 countries were targeted, with the United States receiving the most attacks.
A month ago, the U.S. government formally attributed the SolarWinds hack to Russia’s Foreign Intelligence Service (SVR), the successor to the Soviet-era KGB’s foreign espionage arm.
According to Reuters, the Kremlin said on Friday that it had not yet been given any information about the cyberattack and that Microsoft needed to answer further questions, including how the attack was linked to Russia.
About the hack
Microsoft said Nobelium gained access to email marketing accounts used by the U.S. Agency for International Development on the Constant Contact email marketing platform.
Burt said Nobelium used the account “to send what appeared to be a genuine phishing email, but contained a link that, when clicked, inserted a malicious file.”
The file contains a backdoor that Microsoft calls NativeZone, which “makes it possible to steal data, infect other computers on the network, and a host of other activities.”
Microsoft is currently notifying customers who have been targeted.
The U.S. Agency for International Development (USAID) said that forensic investigations into the incident are ongoing.
“USAID has become aware of a potentially malicious email campaign from an infected Constant Contact email marketing account,” a USAID spokesperson said in a statement shared with CNBC, “and a forensic investigation into this security incident is ongoing. USAID has been notified and is working with all relevant federal authorities, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.”
A spokesperson for Constant Contact told CNBC that the company has learned that a customer’s account credentials were stolen and used by miscreants to access the customer’s Constant Contact account.
They said, “This is an isolated incident and we have temporarily disabled the affected account while we work with the customer, who is also cooperating with law enforcement.”
A CISA spokesperson told CNBC that they are also aware of the potential cyberattack and are working with the FBI and the U.S. Agency for International Development to better understand the current status of the incident.
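Two details above matter for anyone triaging similar mail: the messages went out from a legitimately owned Constant Contact account using stolen credentials, so sender authentication (SPF/DKIM) would normally pass, and the payload sat behind a link rather than in an attachment. The script below is an added example, not code from Microsoft, USAID or Constant Contact, and the sample message, domains and extension list are assumptions constructed for illustration. It records the authentication results but refuses to let them clear the message, and instead flags links that leave the sender's domain or point at a file download.

```python
"""Triage of a marketing-platform email: authentication results are recorded
but never used to clear the message; embedded links are judged on their own."""
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample (assumption, not the real USAID mail). The platform relays
# it from a legitimately owned account, so SPF and DKIM pass; only a link is bad.
SAMPLE_EML = b"""From: Example Agency <news@example-agency.org>
To: analyst@example.net
Subject: Special Alert: new documents released
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bounce.mailer-platform.example; dkim=pass header.d=mailer-platform.example
Content-Type: text/html; charset=utf-8

<html><body>
<p>Read the full report <a href="https://mailer-platform.example/t/abc123">here</a>.</p>
<p>Direct download: <a href="https://files.attacker-controlled.example/report.exe">report</a></p>
<p><a href="https://example-agency.org/unsubscribe">Unsubscribe</a></p>
</body></html>
"""

# Illustrative list of extensions that run code when opened (assumption).
DOWNLOAD_EXTENSIONS = (".exe", ".msi", ".iso", ".lnk", ".js", ".hta", ".zip")


def parse_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(header)):
            results[method] = verdict
    return results


def registrable(host):
    """Crude two-label registrable domain (no public-suffix list); enough here."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(msg):
    """Pull every URL out of the text parts: HTML hrefs and plain-text URLs alike."""
    links = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            links += re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I)
        else:
            links += re.findall(r"https?://[^\s<>\"']+", body)
    return links


def triage(raw):
    """Return auth results, the From domain and (url, reasons) findings.
    A passing SPF/DKIM is deliberately not treated as a clean signal."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender_domain = registrable(msg["From"].addresses[0].domain)
    findings = []
    for url in extract_links(msg):
        parsed = urlparse(url)
        reasons = []
        if registrable(parsed.hostname or "") != sender_domain:
            reasons.append("off-domain")  # platform tracking redirects land here too: expand them
        if parsed.path.lower().endswith(DOWNLOAD_EXTENSIONS):
            reasons.append("file-download")
        if reasons:
            findings.append((url, reasons))
    return {
        "auth": parse_auth_results(msg),
        "from_domain": sender_domain,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(key, value)
```

On the constructed message the authentication results both read "pass", yet two of the three links are flagged: the platform tracking link because it leaves the sender's domain and hides its final destination until expanded, and the direct download because it is both off-domain and points at an executable. The unsubscribe link on the sender's own domain is left alone.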
Steve Forbes, a government cybersecurity expert at domain management company Nominet, described the dangers of such hacks.
The SolarWinds hack, which was discovered in December, turned out to be much more serious than initially expected. That attack gave hackers access to thousands of companies and government offices that use SolarWinds IT software.
Microsoft President Brad Smith described the attack as “one of the largest and most technologically advanced attacks the world has ever seen.”
Earlier this month, the head of Russia’s intelligence agency denied that it was behind the SolarWinds attack, but said he was “honored” that the U.S. and Britain had accused Russia’s foreign intelligence agencies of being behind such a sophisticated hack.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/microsoft-says-russian-hackers-have-launched-another-massive-cyber-attack/