Microsoft Says Group Behind SolarWinds Hack Now Targeting Government Agencies, NGOs, Telecom News, ET Telecom
“This week we have observed cyber attacks from the threat actor Nobelium targeting government agencies, think tanks, consultants and non-governmental organizations,” Microsoft said in a blog post.
Nobelium, from Russia, is the same player behind the attacks on SolarWinds customers in 2020, according to Microsoft.
“This wave of attacks has targeted approximately 3,000 email accounts in over 150 different organizations,” Microsoft said.
While organizations in the United States received the largest share of the attacks, the targeted victims were from at least 24 countries, Microsoft said.
At least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights, Microsoft said in the blog.
Nobelium kicked off this week’s attacks by breaking into an email marketing account used by the United States Agency for International Development (USAID) and from there launching phishing attacks against many more organizations, Microsoft said.
The hack into information technology company SolarWinds, which was identified in December, gave access to thousands of businesses and government offices that were using its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen.”
This month, the Russian spy chief denied responsibility for the SolarWinds cyberattack, but said he was “flattered” by accusations from the United States and Britain that the Russian secret service was behind such a sophisticated hack.
The US and Britain blamed the Russian Foreign Intelligence Service (SVR), successor to the KGB’s overseas spy operations, for the hack that compromised nine US federal agencies and hundreds of companies from the private sector.
The attacks Microsoft disclosed on Thursday appeared to be the continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence-gathering efforts, Microsoft said.
The company said it was in the process of informing all of its targeted customers and had “no reason to believe” that the attacks involved an exploitation or vulnerability of Microsoft’s products or services.