Microsoft: SolarWinds Hackers Strike United States Again


Microsoft says that SolarWinds hackers, who committed one of the worst cyberattacks to have hit the U.S. government, have struck again with a new global attack targeting more than 150 government agencies, think tanks, and other organizations.

The hackers, whom Microsoft calls “Nobelium,” have targeted approximately 3,000 email accounts at more than 150 different entities in at least 24 countries, with most of the cyberattacks being in the United States, Microsoft said in a blog post on Thursday.

“Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020,” the company said. “These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”

Microsoft added that at least a quarter of the attacks targeted organizations involved in international development, humanitarian, and human rights work.

The company explained that Nobelium launched the attacks this week by gaining access to the Constant Contact account of the US Agency for International Development (USAID), and then sent “phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone.”

“This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network,” Microsoft said.

Microsoft added that it is in the process of notifying all of its customers who have been targeted, but noted that many of the attacks “were blocked automatically.”

“We detected this attack and identified victims through the ongoing work of the MSTIC team in tracking nation-state actors,” the company explained. “We have no reason to believe these attacks involve any exploit against or vulnerability in Microsoft’s products or services.”

Microsoft added, however, that the attacks are notable for three reasons:

“First, when coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” the company said, adding that the hackers increase the chances of collateral damage in espionage operations by piggybacking on software updates, and now, mass email providers.

Second, the hackers’ cyberattacks appear to track issues of concern to the country from which they are operating.

“This time Nobelium targeted many humanitarian and human rights organizations,” Microsoft pointed out. “At the height of the Covid-19 pandemic, Russian actor Strontium targeted healthcare organizations involved in vaccines.”

Third, the company said that nation-state cyberattacks aren’t slowing down.

“We need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules,” Microsoft said. “We need to do more.”

Earlier this month, a cyberattack forced a shutdown of a major U.S. pipeline operator, Colonial Pipeline. The hacker group behind the pipeline ransomware attack received a total of $90 million in Bitcoin ransom payments from 47 victims over the past nine months.

That attack was carried out by a Russian-speaking criminal gang known as DarkSide, according to the FBI.

You can follow Alana Mastrangelo on Facebook and Twitter at @ARmastrangelo, on Parler at @alana, and on Instagram.
