Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing

May 28, 2021by Frank Bajak, AP Technology Writer
Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing
FILE - In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.” 

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a  separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem. 

A+
a-
  • hacking
  • Microsoft
  • Solarwinds
  • In The News

    Health

    Voting

    Cybercrime

    October 7, 2023
    by Dan McCue
    Hackers Access DC Voter Records

    WASHINGTON — Hackers breached the District of Columbia's Board of Elections website on Thursday, gaining access to 600,000 "lines" of... Read More

    WASHINGTON — Hackers breached the District of Columbia's Board of Elections website on Thursday, gaining access to 600,000 "lines" of U.S. voter data, including D.C. voters reports, city officials said. Sarah Winn Graham, the spokeswoman for the board, said a hacking group known as RansomVC claimed... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    May 17, 2023
    by Tom Ramstack
    US Prosecutors Indict Russian for Ransomware Attacks

    WASHINGTON — The Justice Department indicted a Russian citizen Tuesday prosecutors accused of ransomware campaigns that netted him and his... Read More

    WASHINGTON — The Justice Department indicted a Russian citizen Tuesday prosecutors accused of ransomware campaigns that netted him and his conspirators about $200 million in stolen payments. The victims were mostly in the United States. They included nonprofits, hospitals and police departments, such as the Washington,... Read More

    March 16, 2023
    by Tom Ramstack
    SEC Seeks Court Order in Investigation of Chinese Cyberattack

    WASHINGTON — A Securities and Exchange Commission investigation of a Chinese cyberattack is being opposed by some of Washington, D.C.’s... Read More

    WASHINGTON — A Securities and Exchange Commission investigation of a Chinese cyberattack is being opposed by some of Washington, D.C.’s biggest law firms. The SEC says it is trying to investigate the extent of 2020 cyberattacks in the United States, such as the one that penetrated... Read More

    T-Mobile Says Data on 37M Customers Stolen

    BOSTON (AP) — The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late... Read More

    BOSTON (AP) — The U.S. wireless carrier T-Mobile said Thursday that an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth. T-Mobile said in a filing with the U.S. Securities and... Read More

    December 5, 2022
    by TWN
    Philip Morris International Taking Proactive Role to Help Consumers Know, Fight Illegal Trade

    WASHINGTON — Illegal trade isn’t good. It’s not good for companies who depend on the revenue from their products to... Read More

    WASHINGTON — Illegal trade isn’t good. It’s not good for companies who depend on the revenue from their products to expand and add jobs, and it’s certainly not good for the consumers who unknowingly shell out considerable sums of money for knockoffs that ultimately fall far... Read More

    News From The Well
    scroll top