Updated May 29th, 2021 at 16:10 IST

SolarWinds Hack details: Another email attack by Russian hackers

Microsoft has reported another cyberattack by Nobelium, the organization behind the SolarWinds hack 2021. The campaign is targeting foreign development agencies.

Reported by: Shikhar Mehrotra

A group of Russian hackers has launched a mass email phishing campaign targeting government agencies, consultants, think tanks, NGOs and other foreign government agencies, Microsoft reported. The sophisticated attack was carried out using the US Agency for International Development's email marketing account. After comparing the case with the SolarWinds hack details, Microsoft has announced that the same organization is responsible for the SolarWinds hack 2021.

Russian Hackers launch a mass email attack

Nobelium has been identified as the organization responsible for sending out emails to about 3000 accounts. Microsoft adds that at least a quarter of these accounts are associated with international bodies that look after foreign policy. The aim might be to gather international intelligence. Both the United States and Britain are pointing fingers at Russia's Foreign Intelligence Service.

Just like the SolarWinds hack 2021, the emails contained a URL, clicking on which would provide access to the user's database. The email contained a poster and used former United States president Donald Trump's name to lure the victims. The 'view documents' button opens a URL, which then provides access to the hackers. Microsoft published a sample image of the email.

Example email from the Nobelium cyberattack (image: Microsoft Security Blog)

Microsoft's statement about the SolarWinds hack details

"This week we observed cyber attacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries," Microsoft says in its official blog post dated May 27, 2021.

The email attack had been going on since January 2021

The email attack had been going on silently since January 2021, until the hackers used a mass-mailing service called Constant Contact on May 25. The emails appeared to come from a development organization in the United States. Initially, the campaign sent malicious URLs that used the Google Firebase platform to gather details of those who accessed the URL, but the technique evolved with time.

In April, the hackers experimented with an ISO file integrated with JavaScript, which, once opened, attaches to the computer like an internal drive. The Cybersecurity and Infrastructure Security Agency of the US is aware of the cyberattack and has opened a joint investigation with the Federal Bureau of Investigation.

 


Published May 29th, 2021 at 16:10 IST