Microsoft warns against sophisticated cyberattack from Russia
Microsoft has warned of an ongoing sophisticated cyberattack that is also believed to originate from Russia-linked hackers, as was the case with the SolarWinds attack.
Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in a blog post on the matter that the attack targeted government agencies, think tanks, consultants and NGOs. In total, around 3,000 email accounts in 150 organizations are believed to have been targeted. The victims of the cyberattack are said to be spread across nearly 24 countries. The majority, however, are believed to be in the United States.
According to Microsoft, hackers from a threat actor called Nobelium hijacked the US Agency for International Development’s account at a marketing service called Constant Contact, from which they sent genuine-looking phishing emails. Microsoft’s blog post contains a screenshot of one of these emails claiming to contain a link to “election fraud documents” by Donald Trump. However, clicking this link installs a backdoor that allows attackers to steal data or infect other computers on the same network.
“We are aware that one of our customers’ account information was compromised and used by a malicious actor to access the customer’s Constant Contact accounts,” a Constant Contact spokesperson said in a statement. “This is an isolated incident and we have temporarily disabled the affected accounts while working in collaboration with our law enforcement client.”
Microsoft says it believes most attacks are blocked automatically, and that Windows Defender antivirus software also limits the spread of malware. The Cybersecurity and Infrastructure Security Agency at the US Department of Homeland Security acknowledged Microsoft’s blog post and encouraged administrators to take the necessary mitigating action.
This malicious email attack serves as a warning that supply chain cyberattacks against US organizations are showing no signs of slowing down, and hackers are updating their methods in response to previous attacks becoming public. In its post, Microsoft calls for new international norms governing “nation-state behavior in cyberspace,” and expectations for the consequences of breaking them.
The belief that Russia is behind the SolarWinds attack
Bloomberg recalls that the US government blamed the Russian foreign intelligence service SVR for the SolarWinds attack, despite Russian President Vladimir Putin’s denial of Russian involvement. The attack is believed to have breached the security of nearly 100 private sector companies and nine US federal agencies. Up to 18,000 SolarWinds customers are believed to have been exposed to malicious code. US President Biden announced new sanctions on Russia in response and moved to expel 10 Russian diplomats from Washington, Bloomberg reported.