Russian hackers seized the email system used by the State Department’s international agency and other human rights groups, Microsoft announced.
Tom Burt, Microsoft’s corporate vice president of Customer Security & Trust, disclosed in a blog post on Thursday that the Russian group Nobelium targeted about 3,000 email accounts from 150 different organizations in at least 24 countries. The United States received the largest share of the attacks.
Burt said at least a quarter of the organizations targeted were involved in international development, humanitarian and human rights work.
The attacks were launched by gaining access to the email marketing account of the United States Agency for International Development (USAID), which falls under the State Department. From there, the hackers distributed phishing emails that looked real but included a link with a malicious file.
Burt wrote that the attacks “appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”
In a separate post, Microsoft said the hackers sent emails to recipients that were made to appear like an alert which stated “Donald Trump has published new documents on election fraud.”
If clicked, the URL directed them to the legitimate Constant Contact Service, and then to Nobelium-controlled infrastructure. A malicious file was then delivered to the system.
A spokesperson for the Cybersecurity Infrastructure Security Agency told The Hill in a statement “we are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”
Nobelium, based in Russia, was the same actor behind the hack of SolarWinds in 2020 during which hackers gained access to 18,000 customers and compromised nine federal agencies.
The Biden administration has formally acknowledged Russia as behind the hack and sanctioned Russia in mid-April over its involvement.
The hack came a couple of weeks after cybercriminals launched a ransomware attack on the Colonial Pipeline, forcing it to shut down operations and disrupting gas supplies.
President Biden signed an executive order earlier this month to improve federal cybersecurity amid the attack and multiple others.
Updated at 8:04 a.m.