
Microsoft Says SolarWinds Hacker Attacks United States and Other Countries Again



A group that Microsoft calls “Nobelium” targeted 3,000 email accounts at organizations this week, most of them in the United States, the company said in a blog post Thursday.
The hackers are believed to be part of the same Russian group behind last year’s attack on software vendor SolarWinds, which targeted at least 9 US federal agencies and 100 companies.
Cybersecurity is a major focus for the US government. Following the revelation that hackers injected malicious code into tools published by SolarWinds, a ransomware attack shut down one of America’s most important pieces of energy infrastructure, the Colonial Pipeline, at the beginning of this month, which only added to the sense of alarm. The attack was carried out by a criminal group of Russian origin, according to the FBI.
Microsoft (MSFT) said at least a quarter of the attack targets this week were involved in international development, humanitarian and human rights work, in at least 24 countries. It said Nobelium launched the attack by accessing a Constant Contact email marketing account used by the United States Agency for International Development (USAID).

“These attacks appear to be Nobelium’s ongoing efforts to target government agencies involved in foreign policy as part of its data collection efforts,” the company said.

The US Department of Homeland Security and the US Department of State did not immediately respond to a request for comment from CNN Business.

By accessing a USAID account, the hackers could send phishing emails that Microsoft says “look real, but there are links that, when clicked, insert malicious files” that allow the hackers to access computers through a backdoor.

“This backdoor can enable a wide range of activities from stealing data to infecting other computers on the network,” Microsoft said.

The fake emails appeared to be from USAID, including a real sender address. One email was identified as a “special notice” that invited recipients to click a link to “view documents” from former President Donald Trump about election fraud.

Microsoft says many of the attacks were automatically blocked. The company is notifying targeted customers and said it has “no reason to believe that these attacks involve exploiting vulnerabilities in Microsoft products or services.”

At the time of the SolarWinds hack, US intelligence and law enforcement agencies said the group responsible was “probably from Russia,” adding that the attack was believed to be an act of espionage.

Microsoft reiterated those suspected motives in a blog post on Thursday, saying: “Together with the SolarWinds attack, it’s clear that part of the Nobelium playbook is accessing trusted technology providers and infecting their customers.”

“With the use of numerous software updates and email providers, this allows Nobelium to increase the chances of collateral damage in espionage operations and undermine confidence in the technology ecosystem,” the company said.

