The latest cyber-attack by the group named ‘Nobelium’, touted as the same Russia-based hackers behind the infamous SolarWinds software hack, has targeted around 3,000 email accounts across 150 organisations
After a China-based cyber-attack hit its business email servers earlier this year, Microsoft has now warned of an ongoing “sophisticated” attack from Russia-based threat actors targeting government agencies, think tanks, consultants, NGOs and its customers across the globe.
“While organisations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organisations were involved in international development, humanitarian, and human rights work”, said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts”, Burt said in a statement on Friday.
“Many of the attacks targeting our customers were blocked automatically, and Windows Defender is blocking the malware involved in this cyber-attack. We’re also in the process of notifying all of our customers who have been targeted”, he said.
‘Nobelium’ launched the cyber-attack by gaining access to the Constant Contact account of USAID.
Constant Contact is a service used for email marketing, from which the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor Microsoft calls NativeZone.
“This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network”, Microsoft said.
As a result of the SolarWinds hack, nine federal agencies and about 100 private sector companies were compromised.
After SolarWinds, at least 30,000 organisations across the US, including government and commercial firms, were hit earlier this year by a China-based espionage group called ‘Hafnium’, which exploited four vulnerabilities in Microsoft Exchange Server email software.
“While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the US”, Burt had said in March.
Alarmed at repeated cyber-attacks on the country, especially after one at a key fuel pipeline last week, US President Joe Biden this month signed an executive order implementing new policies to improve national cyber-security.