The group behind the SolarWinds (SOL.N) cyber attack identified late last year is now targeting government agencies, think tanks, consultants and non-governmental organizations, Microsoft Corp (MS.N) said late Thursday.
“This week, we noticed a cyber attack by Nobelium threat actors targeting government agencies, think tanks, consultants and non-governmental organizations,” Microsoft said in a blog.
Nobelium, of Russian origin, is the same actor behind the attack on SolarWinds customers in 2020, according to Microsoft.
“This wave of attacks target about 3,000 email accounts in more than 150 organizations,” Microsoft said.
While US organizations had the most share of attacks. But the target victims came from at least 24 countries, Microsoft said.
At least a quarter of the target organizations are involved in international development, humanitarian issues and human rights work, Microsoft said in a blog.
Nobelium launched its attack this week by hacking into the email marketing accounts used by the United States Agency for International Development (USAID) and from there it launched other corporate phishing attacks. Many, said Microsoft.
The hack by information technology company SolarWinds, identified in December, made it possible for thousands of companies and government offices to use their products. “The largest and most complex attacks the world has ever seen.” Read more
This month, the Russian spy chief denied responsibility for the SolarWinds cyber attack, but said he was “delighted” by allegations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.
The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), a successor to the KGB’s foreign spying operations, for a hack that damaged nine US federal agencies and hundreds of private equity firms.
The attacks revealed by Microsoft on Thursday appear to be a series of ongoing efforts to target government entities involved in foreign policy as part of intelligence gathering efforts, Microsoft said.
The company said it was in the process of notifying all of its prospects and “There is no reason to believe” these attacks are related to an exploit or vulnerability in a Microsoft product or service.
Our Standard: The Thomson Reuters Trust Principle.