The group behind the SolarWinds cybersecurity attack is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft said on Thursday. Russian-based Nobelium targeted around 3,000 email accounts across more than 150 different organizations, Tom Burt, Microsoft vice president of customer security and trust, wrote in a blog post on Thursday.
Nobelium carried out these attacks by breaking into an email marketing account called Constant Contact, used by the United States Agency For International Development (USAID), Microsoft said. It then sent phishing emails that looked authentic but contained malicious content, Microsoft said. The tech giant's comments come weeks after a ransomware attack on Colonial Pipeline on May 7 shut the largest fuel pipeline network in the US for several days, disrupting the country's supply.
Burt said in the blog that US organizations had the biggest share of cyber attacks, but other targeted victims came from at least 24 countries. At least a quarter of the targeted organisations were involved in international development, humanitarian issues, and human-rights work, Burt said.
The SolarWinds hack, identified in December, gave hackers access to the thousands of companies and government offices that used SolarWinds' software. Microsoft President Brad Smith described the attack as "the largest and most sophisticated attack the world has ever seen".
This month, Russia's spy chief denied responsibility for the SolarWinds cyberattack, but said he was "flattered" by the accusations from the US and Britain that Russian foreign intelligence was behind such a sophisticated hack. The US and Britain have blamed Russia's Foreign Intelligence Service (SVR) for the hack, which compromised nine US federal agencies and hundreds of private sector companies.
The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, according to Microsoft. "Many of the attacks targeting our customers were blocked automatically, and Windows Defender is blocking the malware involved in this attack," Microsoft said in the blog. The company said it was in the process of notifying all its targeted customers and had "no reason to believe" these attacks involved any exploitation or vulnerability in Microsoft's products or services.
Kate Duffy,Reuters
No comments:
Post a Comment