Microsoft has raised the alarm about an “advanced persistent” cyberattack believed to come from the same Russian-linked hackers behind the SolarWinds hack. In a blog post, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said the attack appears to be targeting government agencies, think tanks, consultants and NGOs. In total, about 3,000 email accounts at 150 organizations are said to have been targeted. Victims are spread across more than 24 countries, but the majority are believed to be in the US.
According to Microsoft, hackers from a threat actor called Nobelium were able to compromise the US Agency for International Development’s account on a marketing service called Constant Contact, allowing them to send authentic-looking phishing emails. Microsoft’s post contains a screenshot of one of these emails, which claimed to contain a link to Donald Trump’s “Election Fraud Documents”. However, when clicked, the link would install a backdoor that would allow the attackers to steal data or infect other computers on the same network.
“We are aware that one of our customers’ account information has been compromised and used by a malicious actor to gain access to the customer’s Constant Contact accounts,” a Constant Contact spokesperson said in a statement. “This is an isolated incident and we have temporarily disabled the affected accounts while working with our client, who is working with law enforcement officials.”
Microsoft says it believes many of the attacks have been automatically blocked, and that Windows Defender’s anti-virus software also limits the spread of the malware. The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security acknowledged Microsoft’s blog post and encouraged administrators to implement the “necessary measures”.
This salvo of malicious emails is a warning that supply chain cyberattacks against US organizations are showing no signs of slowing down, and that hackers are updating their methods in response to previous attacks that were made public. For its part, Microsoft is calling for new international standards to be set for the “behavior of nation-states in cyberspace,” along with clear expectations about the consequences of violating them.
The US government has blamed SVR, the Russian foreign intelligence agency, for the SolarWinds hack, Bloomberg notes, although Russian President Vladimir Putin has denied Russian involvement. The attack allegedly compromised about 100 private sector companies and nine federal agencies. Up to 18,000 SolarWinds customers are believed to have been exposed to the malicious code. In response, President Biden announced new sanctions against Russia and decided to expel 10 Russian diplomats from Washington, Bloomberg reports.