SolarWinds hackers target 150 organizations with phishing

BOSTON – Russian state-backed cyber spies behind the SolarWinds hacking campaign this week launched a targeted spear-phishing attack against U.S. and foreign government agencies and think tanks using an email marketing account from the US Agency for International Development, Microsoft said.

The effort has targeted around 3,000 email accounts in more than 150 different organizations, at least a quarter of which are involved in international development, humanitarian action and human rights, Microsoft vice president said, Tom Burt. in a blog post Thursday evening.

He did not specify which part of the attempts may have led to successful intrusions.

Cybersecurity firm Volexity, which also followed the campaign but has less visibility on messaging systems than Microsoft , said in a message that relatively low detection rates for phishing emails suggest that the attacker “may have successfully breached targets.”

A d

Burt said the campaign appeared to be a continuation of multiple efforts by Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets covered at least 24 countries.

The hackers gained access to the USAID account at Constant Contact, an email marketing service, Microsoft said. Authentic-looking phishing emails dated May 25 claim to contain new information on the 2020 election fraud allegations and include a link to malware that allows hackers to “gain permanent access to compromised machines.” “.

Microsoft said in a separate blog post that the campaign is ongoing and has evolved from several waves of spear-phishing campaigns it first detected in January that escalated into mass mailings this week.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks, as well as at least nine U.S. government agencies, was extremely stealthy and lasted for most of 2020 before being detected in December by cybersecurity firm FireEye, this campaign is what cybersecurity researchers call loud. Easy to detect.

A d

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the software update supply chain from a trusted technology vendor; this campaign relied on a mass messaging provider.

With both methods, the company said, the hackers undermine trust in the tech ecosystem.

Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

About Madeline Powers

Check Also

10 tips to scale your freelance writing business

Freelance content writing is a competitive vocation, but you can eventually turn it into a …

Leave a Reply

Your email address will not be published.