The Russia-based group behind the SolarWinds hack is now targeting government agencies, think tanks and non-governmental organizations as part of a new campaign, Microsoft announced on Thursday (May 28).

NBC News reports Nobelium gained access to an email marketing service used by the United States Agency for International Development (USAID) and launched its ongoing attacks, according to a blog post written by Tom Burt, Microsoft vice president of customer security and trust.

"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," Burt wrote.

Microsoft said the campaign is active and targeted 3,000 email accounts among 150 organizations, with the majority in the United States, as well as at least 23 other countries.

NBC News reports "at least a quarter of the targeted organizations" are involved in areas such as international development and human rights work.

Nobelium's new effort reportedly involves sending phishing emails that contain malicious files and are intended to look legitimate.

Cybersecurity firm Volexity is also tracking the new campaign but is reported to have less visibility into email systems than Microsoft. The company wrote in a post that the relatively low detection rates of phishing emails suggest the attacker was "likely having some success in breaching targets," according to the Associated Press via NBC News.

Microsoft did not confirm in its blog post whether or how many attempts by Nobelium were successful, but did note the high-volume campaign would have been blocked by automated systems.

Microsoft confirmed the email campaign has been going on since at least January and has evolved in waves.

"It is anticipated that additional activity may be carried out by the group using an evolving set of tactics," the company said in Thursday's blog post.

Burt said Nobelium accessed USAID's account with the mass-mailing service Constant Contact.

