The Russian conglomerate behind the SolarWinds hack has launched a new campaign aimed at government agencies. thought agency and non-governmental organizations, Microsoft said Thursday.
Nobelium launched the current attack after accessing email marketing services used by the United States Agency for International Development, or USAID, according to Microsoft.
Tom Burt, Microsoft’s vice president of customer security and trust, wrote in a blog post: “These attacks appear to be a consequence of Nobelium’s multiple attempts to target government agencies involved in foreign policy as part of its intelligence-gathering efforts.”;
The campaign, which Microsoft calls the incident. It targets 3,000 email accounts in 150 organizations, most of them in the United States, Burt said, but the targets are in at least 24 countries. At least a quarter of the targeted organizations are involved in things like international development and human rights work.
Such attempts involve sending phishing emails that look legitimate but are designed to send malicious files.
Cybersecurity company Volexity, which also tracks the campaign. But it is less visible to the email system. Microsoft wrote in the post that its relatively low detection rate of phishing emails suggests attackers “Tends to succeed in breaching targets,” the Associated Press reported.
Microsoft doesn’t say how many times or how many times it has been accomplished. It says that many emails in high volume campaigns will be automatically blocked.
The email campaign has been around since at least January and has evolved over the waves, Microsoft said in a separate blog post.
Microsoft said in its blog Thursday that Nobelium’s spear phishing was a regular occurrence. “It is expected that additional activities may be carried out by the group using a developed tactics package,” the report said.
Burt said Nobelium accessed USAID’s accounts with Constant Contact, a mass mailing service.
On Wednesday, emails intended to appear to be from USAID were sent, including some that read: “Special alert” and “Donald Trump has published a new document on election fraud,” Microsoft said.
If a user clicks a link Malicious files will be installed on their systems that allow Nobelium to access the compromised machines, Microsoft said.
Burt said Microsoft detected the attack through its Threat Intelligence Center work to track. He wrote that the company had no reason to believe there was a vulnerability in its products or services.
The SolarWinds attack was discovered late last year. It involves a widely used software hack produced by a Texas-based company. This led to the infiltration of at least nine federal agencies and dozens of companies.
Microsoft president Brad Smith called it “the largest and most sophisticated attack the world has ever seen.”
related news agencies contribute