The Russian hackers behind the SolarWinds hack have launched a large phishing campaign targeting think tanks, NGOs and government agencies.
Last year, Russian hacking group Nobelium exploited vulnerabilities in Microsoft and SolarWinds programs and conducted a supply-chain attack which resulted in malware being distributed. Nine US federal agencies and over 100 companies were targeted.
Microsoft says it has now observed cyber attacks by the very same threat group. This new wave of attacks has targeted around 3,300 email accounts at more than 150 different organisations.
Whilst organisations in the US received the largest share of attacks, victims also span at least 24 other countries.
Microsoft added that at least a quarter of the targeted organisations were involved in international development, humanitarian, and human rights work.
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” explained Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft.
Nobelium launched the phishing campaign by gaining access to the Constant Contact account of USAID.
“From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network,” Burt explained.
Don’t miss out on the “Phishing Prevention Plans and Staying One Step Ahead of Cybercriminals” panel discussion at PrivSec Global on June 23 at 1pm.
Panellists will examine the phenomenon and look at what organisations and businesses can do to strengthen their defences.