On Thursday, Microsoft disclosed a broad cyberattack and identified hackers linked to Russian intelligence as the people behind it. The hackers gained access to the email system used by the US Agency for International Development, an agency of the Ministry of Foreign Affairs that focuses on foreign aid, and sent malicious emails to “approximately 3,000 personal accounts in more than 150 organizations,” according to Microsoft’s threat alert.
Microsoft says the hacking campaign is still running and some malicious emails have been sent this week.
A spokesman for the US Cybersecurity and Infrastructure Agency said the agency “is aware of potential compromises at USAID through its email marketing platform,” adding that it is working “with the FBI and USAID to understand the extent of compromise and assist victims.”
The newly revealed cyberattack comes just a month after the United States formally imposed sanctions on Russia, which has been accused of meddling in elections and malicious cyber activities, as well as the widespread SolarWinds hack. Major intelligence agencies have already said Russia may be the source of the SolarWinds hack, which used tainted software from IT management company SolarWinds to penetrate several US federal agencies and at least 100 private companies.
Microsoft said it has been monitoring this new hacking campaign since January 2021, but things intensified on Tuesday, when the hackers took advantage of “the legitimate mailing service Constant Contact to impersonate a US development organization and distribute malicious URLs to a wide range of organizations and industry groups.” Because of the large number of malicious emails sent, some may have been caught by spam filters, but others may have been delivered automatically to the inboxes in question, Microsoft said.
If someone clicks on a link in one of the emails, that person will receive malicious files that could give the hackers “constant access to compromised systems,” according to Microsoft. That access could allow the hackers to “perform an objective, such as lateral movement, data theft and sending additional malware.”
USAID acting spokeswoman Pooja Jhunjhunwala said the agency was investigating the incident.
“(USAID) has become aware of potentially malicious email activity from a compromised Constant Contact email marketing account. A forensic investigation into this security incident is ongoing. USAID has notified and is working with all proper federal agencies, including the US Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA),” Jhunjhunwala said in a statement emailed to CNET.
When asked for comment, a Constant Contact spokesperson told CNET that the company had deactivated the affected accounts.
“We are aware that the account credentials of one of our clients have been compromised and used by malicious actors to access the client’s Constant Contact account, and we temporarily disabled affected accounts while we worked with our clients working with law enforcement,” the spokesperson said.
Neither the White House nor the Russian embassy in Washington immediately responded to requests for comment.