The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing attack on U.S. and foreign government agencies and think tanks this week, using an email marketing account of the U.S. Agency for International Development, Microsoft said.
The campaign targeted around 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.
It did not say what portion of the attempts may have resulted in successful intrusions.
The cybersecurity company Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that comparatively low detection rates of the malicious emails suggest that the attacker was "probably having some success in breaching goals."
Burt said the targets spanned at least 24 countries.
The hackers obtained access to USAID’s accounts at Constant Contact, an email marketing agency, Microsoft said.
Microsoft said in a separate blog post that the campaign is ongoing and evolved out of multiple waves of spear-phishing campaigns it first detected in January, which escalated into this week's mass mailings.
While the SolarWinds campaign, which infiltrated many private-sector companies and think tanks in addition to at least eight U.S. government agencies, was stealthy and went on for much of 2020 before being discovered in December by the cybersecurity company FireEye, this campaign is what cybersecurity researchers call noisy: easy to detect.
Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider's software updates; this campaign piggybacked on a mass email provider.
With both methods, the company said, the hackers undermine trust in the technology ecosystem.