x

Sciences

Microsoft: SolarWinds Hackers Target 150 Orgs with Phishing

BOSTON — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions but said many of those targeting Microsoft customers were blocked automatically. "We're also in the process of notifying all of our customers who have been targeted," Burt said.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was "likely having some success in breaching targets." 

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to "target government agencies involved in foreign policy as part of intelligence gathering efforts." He said the targets spanned at least 24 countries.

The hackers gained access to USAID's account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to "achieve persistent access to compromised machines."

Microsoft said in a separate, technical blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

USAID and Constant Contact provided no additional detail on how the hackers gained access. USAID spokeswoman Pooja Jhunjhunwala said Friday that a forensic investigation was ongoing and the agency was working with the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an "isolated incident," with the impacted accounts temporarily disabled.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider's software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem. 

As in the SolarWinds campaign, the exploit of the USAID marketing email was first publicized by private sector actors. 

RELATED

Talk about hot nights, America got some for the history books last month.

Top Stories

Columnists

A pregnant woman was driving in the HOV lane near Dallas.

General News

FALMOUTH, MA – The police in Falmouth have identified the victim in an accident involving a car plunging into the ocean on February 20, NBC10 Boston reported.

General News

NEW YORK – Meropi Kyriacou, the new Principal of The Cathedral School in Manhattan, was honored as The National Herald’s Educator of the Year.

Enter your email address to subscribe

Provide your email address to subscribe. For e.g. abc@xyz.com

You may unsubscribe at any time using the link in our newsletter.