Loading...

Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing

May 28, 2021by Frank Bajak, AP Technology Writer
Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing
FILE - In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.” 

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a  separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem. 

In The News

Health

Voting

Cybercrime

July 28, 2022
by Dan McCue
$10M Award Offered for Info on Foreign Interference in US Elections

WASHINGTON — The State Department is offering a reward of up to $10 million for information on foreign interference in... Read More

WASHINGTON — The State Department is offering a reward of up to $10 million for information on foreign interference in U.S. elections.  The effort, which is being administered by the department’s Rewards for Justice program, is seeking information leading to the identification or location of any... Read More

May 18, 2022
by Dan McCue
Federal Agencies Told to Act Quickly to Turn Back Cyberthreat

WASHINGTON — The entity charged with protecting federal agencies from bad cyber actors issued a rare emergency directive Thursday, warning... Read More

WASHINGTON — The entity charged with protecting federal agencies from bad cyber actors issued a rare emergency directive Thursday, warning they should quickly take steps to protect themselves from vulnerabilities found in VMware. VMware is a cloud computing and virtualization technology company headquartered in Palo Alto,... Read More

May 6, 2022
by Madeline Hughes
Cybercrime Tracking Bill Signed Into Law

WASHINGTON — The Department of Justice can now get a handle on the number of cybercrimes happening in the U.S.... Read More

WASHINGTON — The Department of Justice can now get a handle on the number of cybercrimes happening in the U.S. after President Joe Biden signed a bill into law Thursday granting the department the ability to track crimes that have become increasingly prevalent in recent years.... Read More

May 4, 2022
by Tom Ramstack
Russian Cyberthreats Create Alarms at Senate Homeland Security Hearing

WASHINGTON — Lawmakers at a Senate hearing renewed warnings Wednesday that Russian cyberattacks remain a serious threat as the United... Read More

WASHINGTON — Lawmakers at a Senate hearing renewed warnings Wednesday that Russian cyberattacks remain a serious threat as the United States and allies continue their support for Ukraine. In the latest move, the European Union announced Tuesday it would end all oil imports from Russia in... Read More

April 26, 2022
by Tom Ramstack
FBI Warns of Ransomware Attackers Using Sophisticated Program

WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations... Read More

WASHINGTON — The FBI is warning that computer hackers most likely based in Russia have compromised at least 60 organizations since last month with a new generation of a sophisticated programming language.  The targets of the ransomware attacks have included a Swiss airport management company and... Read More

April 22, 2022
by Tom Ramstack
FBI Warns Farmers to Beware Ransomware Cyberattacks

WASHINGTON — The FBI issued a warning this week to farm cooperatives that ransomware attackers are increasingly trying to disrupt... Read More

WASHINGTON — The FBI issued a warning this week to farm cooperatives that ransomware attackers are increasingly trying to disrupt their operations during the planting and harvest seasons. The FBI announcement was one of several warnings about cyberattacks that are becoming more shrill as Russia continues... Read More

News From The Well