Russian hackers behind the attacks on SolarWinds customers in 2020, have launched a new wave of cyberattacks on government agencies, think tanks, consultants, and non-governmental organisations, confirmed Microsoft in a blog. The hacker group Nobelium targeted approximately 3,000 email accounts at more than 150 different organizations.
"While organisations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work," noted Microsoft. It further added that these cyberattacks appear to be the continuation of multiple efforts by the Russian hacker group to target government agencies involved in foreign policy as part of intelligence gathering efforts.
Explaining how the cyberattacks were conducted, Microsoft said that Nobelium launched the attacks by gaining access to the Constant Contact account of USAID. Constant Contact is a service used for email marketing. From here the attackers were able to distribute phishing emails that appeared authentic but contained a link which upon clicking inserted a malicious file used to distribute a "backdoor we call NativeZone", added the tech giant.
Microsoft has stated that there are three reasons why these cyberattacks are significant. Firstly, after these attacks and the one of SolarWinds, it is evident that part of Nodelium's playbook is to gain access to trusted technology providers and then infect their customer base.
Secondly, the firm states that Nobelium's activities and that of similar actors tend to track with issues of concern to the country from which these hacker groups are operating. It gave the example of how during the height of the COVID-19 pandemic Russian hackers Strontium targeted healthcare organisations involved with vaccines.
Thirdly, Microsoft warned that these nation-state cyberattacks aren't slowing down. The firm has appealed for clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules. "We must continue to rally around progress made by the Paris Call for Trust and Security in Cyberspace, and more widely adopt the recommendations of the Cybersecurity Tech Accord, and the CyberPeace Institute," added Microsoft.
SolarWinds is an American software development firm that was the victim of a cyber attack in 2020. SolarWinds' product Orion, which is used by 33,000 public and private sector customers, was the focus of the large scale attack.
Also Read: Khul Ja Sim Sim! Microsoft makes coding super easy, anyone can do it