facebook linkedin twitter

Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing

May 28, 2021by Frank Bajak, AP Technology Writer
FILE - In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.” 

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a  separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem. 

Cybercrime

September 1, 2021
by Tom Ramstack
Executives Advocate for Legislation to Unite Government and Private Cybersecurity

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront... Read More

WASHINGTON -- A cybersecurity expert told a congressional panel Wednesday that private industry alone cannot be expected to effectively confront the kinds of cyberattacks that have wreaked havoc on U.S. computer networks in recent years. He testified to a House Homeland Security subcommittee as it considers... Read More

August 27, 2021
by Reece Nations
FBI Warns of New Hive Ransomware Threat

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the... Read More

WASHINGTON — The Federal Bureau of Investigation distributed a Flash report on Friday warning of indicators of compromise from the Hive ransomware known to have infiltrated business networks. The ransomware utilizes multiple mechanisms as attachments to gain access and “Remote Desktop Protocol” to operate once embedded,... Read More

Report: Census Hit by Cyberattack, US Count Unaffected

U.S. Census Bureau computer servers were exploited last year during a cybersecurity attack, but it didn't involve the 2020 census,... Read More

U.S. Census Bureau computer servers were exploited last year during a cybersecurity attack, but it didn't involve the 2020 census, and hackers' attempts to keep access to the system were unsuccessful, according to a watchdog report released Wednesday. The attack took place in January 2020 on... Read More

July 29, 2021
by Tom Ramstack
Government Tries to Play Catch-Up Against Fast-Moving Cyberattacks

WASHINGTON -- Congress took a stab Thursday at improving the nation’s cybersecurity as the federal government mobilizes more resources against... Read More

WASHINGTON -- Congress took a stab Thursday at improving the nation’s cybersecurity as the federal government mobilizes more resources against ransomware and hackers. Both President Joe Biden and members of a House Homeland Security subcommittee described threats to U.S. computer systems as a potentially devastating economic... Read More

July 26, 2021
by Reece Nations
Pegasus Spyware Used to Target Activists, Journalists, Report Finds

An investigation by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International revealed thousands of people... Read More

An investigation by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International revealed thousands of people were targeted by spyware developed by the Israel-based NSO Group Technologies. Hundreds of human rights activists, government officials, business executives and journalists worldwide had their cellphones... Read More

July 20, 2021
by Tom Ramstack
Government Takes Helm on Cybersecurity As Ransomware and Spying Threats Grow

WASHINGTON -- As the international blame game over ransomware heats up this week, the U.S. government is scrambling for solutions... Read More

WASHINGTON -- As the international blame game over ransomware heats up this week, the U.S. government is scrambling for solutions with increasingly combative strategies. Legislation that won tentative approval in Congress on Monday anticipates a bigger role for the U.S. government in overseeing cybersecurity of critical... Read More

News From The Well
scroll top