The Russian hackers believed to be behind the catastrophic SolarWinds attack last year have launched another major cyberattack, Microsoft warned, three weeks before President Joe Biden’s meeting with Russian President Vladimir Putin.

Microsoft said in a blog post on Thursday that the hacking group known as Nobelium had attacked over 150 organizations worldwide in the past week, including government agencies, think tanks, advisors and non-governmental organizations.

They sent phishing emails – fake messages designed to trick people into disclosing sensitive information or downloading malicious software – to more than 3,000 email accounts, the tech giant said.

At least 25% of the targeted organizations are involved in international development, humanitarian and human rights work, said Tom Burt, corporate vice president of customer security and trust at Microsoft.

“These attacks appear to be a continuation of Nobelium’s multiple intelligence-gathering efforts to target government foreign policy agencies,” Burt said.

According to Microsoft, organizations in at least 24 countries have been affected, with the US receiving the largest share of attacks.

The breach was discovered three weeks before the Biden-Putin summit in Geneva on June 16.

It also comes a month after the US government explicitly stated that the SolarWinds hack was carried out by the Russian SVR, a successor to the Soviet KGB’s foreign espionage operations.

The Kremlin said Friday it had no information about the cyberattack and that Microsoft needed to answer more questions, including how the attack relates to Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.

The hack explained

According to Microsoft, Nobelium gained access to an email marketing account used by the U.S. Agency for International Development, the federal government’s aid agency. The account is managed on a platform called Constant Contact.

Burt said Nobelium used the account to “distribute phishing emails that looked authentic but contained a link that inserted a malicious file when clicked”.

The file contains a backdoor that Microsoft calls NativeZone, which “can enable a wide variety of activities from stealing data to infecting other computers on a network,” Burt said. Microsoft is in the process of notifying customers who have been targeted.

Steve Forbes, a government cybersecurity expert with domain name manager Nominet, explained the dangers of these types of hacks.

“Phishing attacks are essentially a numbers game and the attackers play the odds,” he said in a statement. “If they’re targeting 3,000 accounts, all a worker needs to do is click the link to set up a backdoor for the hackers in a government organization.”

The SolarWinds attack uncovered in December turned out to be much worse than initially expected. It gave the hackers access to thousands of companies and government agencies that were using SolarWinds IT software.

Microsoft President Brad Smith described this attack as “the largest and most sophisticated attack the world has ever seen”.

Earlier this month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack, but said he was “flattered” by US and UK allegations that Russian foreign intelligence was behind such a sophisticated hack.