Hackers Strike Again

The attack targeted 3,000 email accounts across 150 organizations, mostly in the United States. The targets are in at least 24 countries. At least a quarter of the targeted organizations are said to be involved in missions.

The effort involved sending phishing emails. Cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, wrote in a blog post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

The Russian Ministry of Foreign Affairs didn't immediately respond to a request for comment. SVR Director Sergei Naryshkin has previously mocked the U.S. and the U.K. governments' claims that his agency was responsible for the SolarWinds hack. Microsoft did not say whether or how many attempts were successful. It said many emails in the high-volume campaign would have been blocked by automated systems. The email campaign has been going on since at least January and evolved over waves.

Microsoft said that Nobelium's spear-phishing campaign is ongoing. "It is anticipated that additional activity may be carried out by the group using an evolving set of tactics". In an emailed statement, a spokesperson for Constant Contact said that the compromise of USAID’s account on its platform was “an isolated incident” and that the company has temporarily disabled accounts that may have been impacted. Emails were sent that were meant to look like they were from USAID, including some that read "special alert" and "Donald Trump has published new documents on election fraud," Microsoft said.

If users click the link, a malicious file gets installed in their system that allows Nobelium access to the compromised machines. Microsoft detected the attack through the work of its threat intelligence center in tracking "nation-state actors." The company has no reason to believe there is a vulnerability with its products or services. The SolarWinds attack, which was discovered late last year, involved hacking widely used software made by the Texas-based company and lead to the infiltration of at least nine federal agencies and dozens of companies.

Microsoft President Brad Smith called it "the largest and most sophisticated attack the world has ever seen." Before the SolarWinds campaign, the SVR was more widely known for spear-phishing campaigns, making the USAID scam something of a return to form for the agency, said John Hultquist, the director of intelligence analysis at Mandiant, a cybersecurity company that also tracked the campaign. “This spun up as SolarWinds spun down,” he said. “This is a reminder that espionage isn’t going away. You’re not going to get the Russians to stop spying.”

At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP