Hacker attack against US government and NGOs. Microsoft’s alarm

by Chiara Rossi

Microsoft says that the hackers behind the SolarWinds attack have struck again in the United States and other countries. Here are all the details.
Remember SolarWinds?

This week the people behind the SolarWinds hacking campaign launched a targeted spear-phishing attack against US and foreign government agencies and expert groups, using an email marketing account of the US Agency for International Development (USAID).
The alarm is sounded by Microsoft.
“This week we detected Nobelium’s attacks” against these organizations, wrote Microsoft Vice President Tom Burt on his blog.
Nobelium, the post reads, is the group of Russian hackers that attacked the customers of SolarWinds, a Texas computer company that produces Orion, a business network management software used by over 300,000 customers worldwide.
On Friday Kremlin spokesman Dmitry Peskov refused to comment on the details of Microsoft’s allegations.
The American technology giant's alarm follows the attack that led to the shutdown of Colonial Pipeline, the largest pipeline network in the United States, for a few days. “This wave of attacks has affected about 3,000 email accounts from over 150 different organizations,” according to Microsoft. The attacks, the post reads, affected not only the United States but at least 24 countries.
A forensic investigation of the incident is ongoing, USAID said in a note.
All the details.
NEW HACKER ATTACK REPORTED BY MICROSOFT
Hackers gained access to USAID’s account at Constant Contact, an email marketing service, says Microsoft. The phishing e-mails, which appeared authentic and were dated May 25, claim to contain new information on claims of electoral fraud in 2020. These emails contain a malicious link through which hackers can “get permanent access to compromised machines”.
MORE THAN 150 ORGANISATIONS INVOLVED
The campaign, which Microsoft called an active incident, targeted 3,000 email accounts in 150 organizations, primarily in the United States. But the targets cover at least 24 countries, it added.
TARGETS IN 24 COUNTRIES
According to the Redmond colossus, this could be the continuation of Russian hacker attempts to “target government agencies involved in foreign policy as part of intelligence-gathering efforts”.
THE DURATION OF THE CAMPAIGN
The spear phishing campaign has been going on since at least January and has evolved in waves, reads Microsoft’s post.
WHAT THE COMPUTER SECURITY COMPANY VOLEXITY FOUND
Computer security firm Volexity, which monitored the campaign, said that relatively low detection rates of phishing e-mails suggest that the attacker was “probably having some success in violating targets”.
THE REACTION OF THE FEDERAL GOVERNMENT
“USAID has notified and is working with all relevant federal authorities, including the United States Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA)”, the US Agency for International Development announced.
A CISA spokesperson said they are working “to better understand the scope of the attack and assist potential victims”.
HACKER ISSUES FOR MICROSOFT?
Microsoft’s vice president pointed out that the company has no reason to believe that there is a vulnerability in its products or services.
The SolarWinds attack, discovered at the end of last year and carried out through the Orion software provided by the US company, led to the infiltration of at least nine federal agencies and dozens of companies. The Redmond giant had stated that it had found malware related to the massive hacking campaign in its own systems. Microsoft had then announced that it had identified more than 40 customers targeted by the hackers.
Finally, Microsoft noted the two distribution methods used in the two cyberattacks. The SolarWinds hack exploited the software update supply chain of a trusted technology provider. The latest attack instead exploited a mass email provider.