A group of Russian hackers linked to the Kremlin called Nobelium, the same one that attacked the cybersecurity company SolarWinds, is behind a new hacking campaign using malicious emails.

The attack is targeting US and foreign government agencies and think tanks (research laboratories) using an email account of the United States Agency for International Development (USAID), Microsoft reported.

The attack targeted some 3,000 email accounts of more than 150 different organizations, at least a quarter of them related to international development, humanitarian aid and human rights, Microsoft Vice President Tom Burt said in a statement published late Thursday.
"Nobelium launched this week's attacks by gaining access to USAID's Constant Contact account. Constant Contact is a service used for email marketing. From there, the actor was able to distribute malicious emails that appeared authentic but they included a link that, when clicked, inserted a malicious file." From these emails, Nobelium could steal data and infect other computers on a network.
Burt did not specify how many of these attempts resulted in successful break-ins.
In an image shared by Microsoft, you can see that the email appears to be from USAID and includes the text "USAID Special Alert: Donald Trump Has Released New Documents On Voter Fraud."
Cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, noted in a post that the relatively low detection rates of the phishing emails suggest that the attacker "was probably having some success in violating targets."
According to Burt, the campaign appears to be a continuation of multiple efforts by Russian hackers to "target government agencies involved in foreign policy as part of intelligence gathering efforts." He added that the targets span at least 24 countries.
The authentic-looking malicious emails, dated May 25, purport to contain new information about the 2020 election fraud claims and include a link to malware (a malicious program) that allows hackers to "gain persistent access to the compromised machines."
Microsoft said in a separate statement that the campaign is ongoing and evolved from several malicious email campaigns it first detected in January that escalated to mass mailings this week.
While the SolarWinds campaign, which infiltrated dozens of private sector companies as well as at least nine U.S. government agencies, was extremely stealthy and lasted for most of 2020 before being spotted in December by cybersecurity company FireEye, this campaign is what cybersecurity researchers call loud; that is, easy to detect.
With information from AP.