Russian SolarWinds Hackers Launch Email Attack on Government Agencies

Russian state-backed cyber spies behind the SolarWinds hacking campaign this week launched a targeted phishing attack on US and foreign government agencies and think tanks, using an email marketing account belonging to the United States Agency for International Development (USAid), Microsoft said.

The effort has targeted around 3,000 email accounts in more than 150 organizations, at least a quarter of which are involved in international development, humanitarian work and human rights, Microsoft vice-president Tom Burt wrote in a blog post on Thursday.

He did not say how many of the attempts may have led to successful intrusions. Cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that the relatively low detection rates of the phishing emails suggested the attacker “probably had some success in breaching targets”.

Microsoft has identified the group that carried out the attacks as Nobelium, which is based in Russia and is the same actor behind the attacks on SolarWinds customers in 2020.

Burt said the campaign appeared to be a continuation of Russian hackers’ efforts to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets covered at least 24 countries.

The hackers gained access to USAid’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails, dated May 25, claimed to contain new information about the 2020 election fraud allegations and included a link to malware that allowed the hackers to “gain persistent access to compromised machines”.

Microsoft said in a separate blog post that the campaign is ongoing and has evolved from several waves of spear-phishing first detected in January into this week’s mass mailings.

It comes weeks after a May 7 ransomware attack on Colonial Pipeline shut down the United States’ largest fuel pipeline system for days, disrupting supply.

The SolarWinds hack began as early as March 2020, when malicious code was introduced into updates to Orion, a popular piece of software made by the company that monitors corporate and government computer networks for outages. This malware gave elite hackers remote access to an organization’s networks so that they could steal information.

Questions and answers

What was the SolarWinds hack?

In early 2020, malicious code was introduced into updates to Orion, a popular piece of software made in the United States by the company SolarWinds that monitors corporate and government computer networks for outages.

This malware gave hackers remote access to an organization’s networks so that they could steal information. Among the best-known users of the software were US government departments including the Centers for Disease Control and Prevention, the State Department and the Department of Justice.

Microsoft president Brad Smith described it as “the biggest and most sophisticated attack the world has ever seen”, and US intelligence agencies accused Russia of launching the attack.

SolarWinds, of Austin, Texas, provides network monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

Its compromised product, Orion, is a centralized monitoring tool that looks for problems in an organization’s computer network, which means the break-in gave attackers a “God’s-eye view” of those networks.

Neither SolarWinds nor the US cybersecurity authorities have publicly identified which organizations were breached. Just because a business or agency uses SolarWinds as a vendor does not necessarily mean it was vulnerable to the hack.

Kari Paul and Martin Belam

The hacking campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies, was extremely stealthy and continued through most of 2020 before being detected in December by the cybersecurity company FireEye. In contrast, this new campaign is what cybersecurity researchers call loud and easy to detect.

Microsoft noted the two mass-distribution methods used: the SolarWinds hack exploited the software update supply chain of a trusted technology vendor; this campaign relied on a mass-messaging provider. With both methods, the company said, the hackers are undermining trust in the technology ecosystem.

Microsoft President Brad Smith previously described the SolarWinds attack as “the largest and most sophisticated attack the world has ever seen.”

This month, Russia’s spy chief denied responsibility for the SolarWinds attack, but said he was “flattered” by accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.

The United States and Britain blamed Russia’s Foreign Intelligence Service, the successor to the KGB’s foreign espionage operations, for the hack.

Associated Press and Reuters contributed to this report
