Microsoft explained that Nobelium, a Russian-based hacking group, launched the phishing campaign by gaining entry to a marketing account of this U.S. Agency for International Development.

The Russian-based group behind the SolarWinds hack has launched a fresh campaign that appears to target government agencies, think tanks and nongovernmental organizations, investigators said Thursday.

The prolific hacker team, which Microsoft refers to as Nobelium and is widely thought to be conducted by Russia’s Foreign Intelligence Service, or SVR, launched the present attacks after obtaining access to an email marketing service used by the U.S. Agency for International Development, or USAID, based on Microsoft.

The effort, which Microsoft called an active incident, targeted 3,000 email accounts across 150 organizations, mostly in the USA, he said. But the goals are in at least 24 nations. At least a quarter of those targeted organizations are said to be involved in missions including global development and human rights work.

The effort involved sending phishing emails. Cybersecurity company Volexity, which also tracked the effort but has less visibility into email systems than Microsoft, composed in a blog article that comparatively low detection rates of the phishing emails indicate the attacker was”likely having some success in breaching goals”

The Russian Ministry of Foreign Affairs didn’t immediately respond to a request for comment. SVR Director Sergei Naryshkin has formerly ascribed the U.S. and the U.K. authorities’ claims that his agency was responsible to the SolarWinds hack.

Microsoft didn’t say whether or how many attempts were successful. It stated many emails from the high-volume campaign would have been blocked by automatic systems.

The email campaign has been going on since at least January and evolved over waves, it said in a separate blog article .

Microsoft said in Thursday’s blog that Nobelium’s spearphishing campaign is continuing. “It is anticipated that additional activity may be carried out from the team using an evolving set of tactics,” it stated.

Nobelium, Burt said, accessed the USAID’s accounts with Constant Contact, a mass-mailing support.

In an emailed statement, a spokesperson for Constant Contact stated that the compromise of USAID’s report on its stage was”an isolated incident” and that the firm has temporarily disabled accounts that could have been affected.

On Tuesday, emails were sent which were supposed to look like they were from USAID, including some that read”special alert” and”Donald Trump has published new records on election fraud,” Microsoft said.

When users click the connection, a malicious file gets installed in their system which enables Nobelium access to the compromised machines, Microsoft said.