Russian SolarWinds hackers are back with new wave of cyberattacks, Microsoft warns
The same Russian hackers behind the massive SolarWinds breach have launched a new wave of cyberattacks targeting government agencies, think tanks, consultants and NGOs, Microsoft revealed late Thursday evening.

Why it matters: The United States imposed sanctions and expelled Russian diplomats in response to the SolarWinds hack, which Microsoft described as "the most sophisticated attack the world has ever seen." The new breach was discovered just weeks before President Biden holds his first in-person summit with Russian President Vladimir Putin in Geneva, and follows other Russian-backed cyberespionage campaigns.

Details: Microsoft said Nobelium, which it links to Russia's main intelligence agency, was behind the attack. The group took control of a US Agency for International Development (USAID) account and used it to send seemingly legitimate emails containing malicious files to international human rights groups and humanitarian organizations, according to Microsoft.

- Microsoft, which monitors malicious activity on the internet, said the attack "differs significantly" from the SolarWinds compromise, with the hackers appearing to use newer tools and tradecraft.
- Access to the USAID account allowed the group to send malicious emails that appeared to come from genuine government addresses to 3,000 email accounts at more than 150 organizations.
- The emails contained a "backdoor" through which the hackers could steal data and infect other computers on a network. Some of the emails were flagged by automated email threat detection systems, but others may have been delivered successfully.
- Many of the targeted organizations had criticized Putin and exposed and condemned Russian actions against dissidents, including the poisoning and imprisonment of opposition leader Alexei Navalny, according to the New York Times.

[Image: an example of a phishing email designed to look like a legitimate USAID email. Screenshot: Microsoft]

What they're saying: A spokesperson for the Cybersecurity and Infrastructure Security Agency told the Times on Thursday that the agency is "aware of the potential compromise and is working with USAID and the FBI to better understand the extent of the problem."

- "First of all, when paired with the SolarWinds attack, it's clear that part of Nobelium's playbook is accessing trusted technology providers and infecting their customers," wrote Tom Burt, vice president of Microsoft.
- "By relying on software updates and now mass messaging providers, Nobelium increases the risk of collateral damage in espionage operations and undermines the confidence in the tech ecosystem," Burt added. "At least a quarter of the organizations targeted were involved in international development, humanitarian action and human rights."

The big picture: The attack suggests that Russia is not slowing down its hacking campaigns against the United States and US-based companies, despite the new sanctions.