Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing

May 28, 2021by Frank Bajak, AP Technology Writer
FILE - In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.” 

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a  separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem. 

In The News

Health

Voting

Cybercrime

Defense Supply Chain Management Systems Are Vulnerable, GAO Says
Defense
Defense Supply Chain Management Systems Are Vulnerable, GAO Says
June 24, 2021
by Reece Nations

WASHINGTON — The Government Accountability Office issued a report this week addressing cybersecurity vulnerabilities in the Department of Defense inventory management systems used to manage the national defense supply chain. Risks in six inventory management systems run by the Defense Logistics Agency were reviewed in the... Read More

Ransomware Gangs Get Paid Off as Officials Struggle for Fix
Cybercrime
Ransomware Gangs Get Paid Off as Officials Struggle for Fix

BOSTON (AP) — If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don't expect much help from the U.S. government. The answer is apt to be: It depends. "It is the position of the U.S. government that... Read More

Senators Try to Get Tough On Rise in Cybercrime
Cybersecurity
Senators Try to Get Tough On Rise in Cybercrime
June 17, 2021
by Tom Ramstack

WASHINGTON -- A group of U.S. senators responded Thursday to recent ransomware attacks by introducing legislation to impose new tactics and harsh penalties on cyberattackers. They pinned much of the blame on Russia, despite denials a day earlier by Russian President Vladimir Putin. “The Russians do... Read More

Warner Contemplates Mandatory Cyberattack Reporting Bill
Cybersecurity
Warner Contemplates Mandatory Cyberattack Reporting Bill
June 16, 2021
by Kate Michael

WASHINGTON — The rise in profit-driven cyberattacks has prompted Senate Select Committee on Intelligence Chairman Mark Warner, D-Va., to contemplate a mandatory reporting bill so law enforcement can promptly take action on urgent threats. Warner told Axios recently that he anticipates broad support for such upcoming... Read More

Kakto Presses Administration to Take Cybersecurity More Seriously
Think Tanks
Kakto Presses Administration to Take Cybersecurity More Seriously
June 11, 2021
by Victoria Turner

Rep. John Katko, R-N.Y. recently went into a couple of Lincoln car dealerships in Syracuse, New York, but “neither one of them had any cars.”  “And they’re not going to have any cars for several weeks because of the chip shortage,” Katko said during a "fireside... Read More

Federal Government Prepares to Take Lead in Protecting Industry Computer Networks
Cybersecurity
Federal Government Prepares to Take Lead in Protecting Industry Computer Networks
June 10, 2021
by Tom Ramstack

WASHINGTON -- Testimony at a congressional hearing Wednesday on last month’s Colonial Pipeline Co. ransomware attack demonstrated that a bigger role for the federal government is coming soon to protect private computer networks. The Georgia-based company’s chief executive officer admitted to internal failures in protecting the... Read More

News From The Well
scroll top