Microsoft said late on Thursday that the organization behind the SolarWinds cyber attack identified at the end of last year is now targeting government agencies, think tanks, consultants and non-governmental organizations.
Microsoft said in a blog: “This week, we observed cyberattacks by threat actor Nobelium targeting government agencies, think tanks, consultants and non-governmental organizations.”
Microsoft said that Nobelium, which originated in Russia, has the same behavior behind the attack on SolarWinds customers in 2020.
Microsoft said: “This wave of attacks targeted approximately 3,000 email accounts in more than 150 different organizations.”
Microsoft said that although organizations in the United States have received the most attacks, the target victims are from at least 24 countries.
Microsoft said in its blog that at least a quarter of the target organizations are involved in international development, humanitarian issues and human rights work.
Microsoft said that Nobelium launched this week’s attack by hacking into an email marketing account used by the United States Agency for International Development (USAID), and from there it launched phishing attacks against many other organizations.
The hacking of the information technology company SolarWinds was discovered in December, and it has made access to thousands of companies and government agencies that use the product. Microsoft President Brad Smith described the attack as “the largest and most complex attack in the world.”
This month, the Russian spy chief denied responsibility for the SolarWinds cyber attack, but said that the accusations against the United States and the United Kingdom that Russia’s foreign intelligence had such sophisticated hacking were “flattered”.
The United States and the United Kingdom accused hackers of invading nine U.S. federal agencies and hundreds of private sector companies, blaming them on the Russian Foreign Intelligence Service (SVR), the successor of the KGB’s foreign espionage activities.
Microsoft said that the attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts aimed at government agencies involved in foreign policy as part of its intelligence gathering efforts.
The company stated that it is informing all target customers and has “no reason to believe” that these attacks involve any exploits or vulnerabilities in Microsoft products or services.
Thomson Reuters 2021 ©