Russian SolarWinds hackers launch email attack on government agencies
The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted phishing assault on US and foreign government agencies and thinktanks this week using an email marketing account of the US Agency for International Development (USAid), Microsoft has said.
The effort targeted about 3,000 email accounts at more than 150 different organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt wrote in a blog post late on Thursday.
It did not say what portion of the attempts may have led to successful intrusions. The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggested the attacker was “likely having some success in breaching targets”.
Microsoft identified the group carrying out the attacks as Nobelium, originating from Russia and the same actor behind the attacks on SolarWinds customers in 2020.
