Following a China-based cyberattack on its business email servers earlier this year, Microsoft has now issued a warning about an ongoing “sophisticated” attack from Russia-based threat actors targeting government agencies, think tanks, consultants, NGOs, and its customers worldwide.
The latest attack by the group known as ‘Nobelium,’ which is said to be the same Russia-based hackers behind the infamous SolarWinds software hack, has targeted around 3,000 email accounts across 150 organisations.
“While the majority of attacks were directed at organisations in the United States, victims were found in at least 24 countries. At least one-quarter of the organisations targeted were engaged in international development, humanitarian, and human rights work,” said Tom Burt, Microsoft’s Corporate Vice President of Customer Security and Trust.
“These attacks appear to be a continuation of Nobelium’s multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt said in a statement Friday.
“Many of the attacks on our customers were automatically blocked, and Windows Defender is blocking the malware used in this attack. In addition, we are in the process of notifying all of our customers who have been targeted,” he said.
‘Nobelium’ launched the attacks after gaining access to USAID’s Constant Contact account.
Constant Contact is an email marketing service. From there, the actor was able to send out phishing emails that appeared legitimate but contained a link that, when clicked, inserted a malicious file used to spread a backdoor known as NativeZone.
“This backdoor could enable a wide range of activities ranging from data theft to infecting other computers on a network,” Microsoft explained.
As a result of the SolarWinds hack, nine federal agencies and approximately 100 private-sector companies were compromised.
Following SolarWinds, at least 30,000 organisations in the United States, including government and commercial entities, were targeted earlier this year by the China-based espionage group ‘Hafnium,’ which exploited four vulnerabilities in Microsoft Exchange Server email software.
“While Hafnium is based in China, it operates primarily from leased virtual private servers (VPS) in the United States,” Burt stated in March.
Concerned about repeated cyber-attacks on the country, particularly one on a critical fuel pipeline last week, US President Joe Biden signed an executive order this month establishing new policies to improve national cybersecurity.