Russia appears to be operating the hack through a system used by US aid agencies.



Hackers linked to Russia’s main intelligence agency have secretly seized the email system used by the State Department’s international aid agency to hack into the computer networks of human rights groups and other organizations that criticize President Vladimir Putin, Microsoft Corporation disclosed on Thursday.

The discovery of the vulnerability came just three weeks before President Biden was scheduled to meet with Putin in Geneva and at a time of escalating tensions between the two nations – in part as a result of increasingly complex cyberattacks that emanate from Russia.

The newly revealed attacks are also particularly clear: by breaching the systems of a supplier used by the federal government, the hackers sent emails that appeared authentic to more than 3,000 accounts in more than 150 organizations that regularly communicate with the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believed the attacks were continuing.

The email was embedded with code that would give the hackers unlimited access to the recipient’s computer system, from “stealing data to infecting other computers on the network,” wrote Tom Burt, a Microsoft vice president, late Thursday.

Biden last month announced a new set of sanctions against Russia and the expulsion of diplomats for an advanced hacking operation known as SolarWinds, which used new methods to breach at least seven government agencies and hundreds of large American corporations.

The attack went undetected by the US government for nine months until it was discovered by a cyber security firm. In April, Biden said he could react more aggressively, but “chose to take part” because he didn’t want to “start a cycle of escalation and conflict with Russia”.

However, the Russian response appears to have escalated. Malicious activity was underway as recently as the past week. That shows that any sanctions and covert actions the White House has undertaken, as part of a strategy of building “visible and invisible” costs for Moscow, did not stop the Russian government.

A spokesman for the Department of Homeland Security’s cybersecurity and infrastructure agency said late Thursday that the agency was “recognizing a potential compromise” at the Agency for International Development and was “working with the FBI and USAID to better understand the extent of reconciliation and possible victim assistance.”

Microsoft identified the Russian group behind the attack as Nobelium and said it was the same group responsible for the SolarWinds hack last month. The American government made clear that SolarWinds was the work of the SVR, one of the most successful offshoots of the Soviet-era KGB.

The same agency was involved in a 2016 hack of the Democratic National Committee and, earlier, in attacks on the Pentagon, the White House’s email system, and the State Department’s anonymous communications.

Federal officials and experts say it is becoming more and more aggressive and constructive. The SolarWinds attack, which the U.S. government never detected, operated through code embedded in network management software widely used by governments and private companies. When customers updated the SolarWinds software, much like an overnight iPhone update, they were unaware of the intruder.

Among last year’s victims were the Homeland Security and Energy departments, as well as the nuclear lab.

When Mr. Biden took office, he ordered a study of SolarWinds, and officials have been taking steps to prevent future “supply chain” attacks, in which adversaries compromise software used by federal agencies. This is similar to what happened in this case, in which Microsoft’s security team caught the hackers using a widely used email service, provided by a company called Constant Contact, to send malicious emails that appeared to come from genuine Agency for International Development addresses.

But sometimes the content was hardly sensitive. In an email sent through Constant Contact’s service on Tuesday, the hackers highlighted a message, harmful to the recipient’s computer, claiming that “Donald Trump has published a new email about election fraud.”

Microsoft noted that the attacks differ greatly from the SolarWinds hack, using new tools and tradecraft to avoid detection. It said the attacks are ongoing and that the hackers are still sending spear-phishing emails with increasing speed and scope. That is why Microsoft took the unusual step of naming the entities whose email addresses are being used and publishing samples of the fake emails.

Essentially, the Russians got into the Agency for International Development’s email system by routing around the agency and going directly after its software supplier, Constant Contact, which handles mass emails and other communications on behalf of the aid agency.

“Nobelium launched an attack this week with access to USAID’s Constant Contact account,” Microsoft’s Mr. Burt could not be reached for comment.

Microsoft, like many other large companies involved in cybersecurity, maintains a large network of sensors looking for malicious activity on the internet, and is often a target itself. It was heavily involved in exposing the SolarWinds attacks.

In this case, Microsoft reported that the hackers’ targets were not the State Department or the aid agency. Rather, they used the connection to get into groups that work in the field and in many cases rank among Putin’s most potent critics.

“At least a quarter of the target organizations are involved in international development, humanitarian work and human rights,” wrote Burt. While he did not name them, several such groups have exposed Russia’s actions against dissent or protested the poisoning, conviction and incarceration of Russia’s most notorious opposition leader, Alexei A. Navalny.

The attacks showed that Russia’s intelligence service was stepping up its campaign, perhaps to show that the country would not back down in the face of sanctions, the expulsion of diplomats and other pressures.

Biden raised the SolarWinds attack in a telephone call with Putin last month, telling him that the sanctions and expulsions showed his administration would not tolerate further cyber actions.

Putin has denied any involvement by Russia and some Russian news agencies have argued that the United States launched an attack on its own.

At the time, the White House also put new sanctions on Russian individuals and assets, as well as new restrictions on the purchase of Russian sovereign debt, which would make it harder for Russia to raise money and support its currency.

“This is the beginning of a new US campaign against malicious behavior of Russia,” said Treasury Secretary Janet L. Yellen.

Tensions over Russia’s detention of cybercriminals have skyrocketed this month after a ransomware group seized the business network operated by Colonial Pipeline. The attack forced the company to shut down a pipeline that brings nearly half of the gasoline, diesel and jet fuel to the East Coast, driving up gas prices and panic buying at the pump.

Biden said two weeks ago, “We have communicated directly with Moscow about the necessity of the country responsible for the decisive action of these ransomware networks.”

