“SolarWinds” Hackers Infiltrate USAID Network to Phish Thousands of Email Accounts
WASHINGTON (NewsNation Now) — The same group that infiltrated several U.S. government agencies and private organizations in the SolarWinds hack breached the USAID network, Microsoft says.
The company announced the hack on Thursday in a blog post saying the attack targeted thousands of individuals and originated from a breach in the USAID network.
“This wave of attacks targeted approximately 3,000 email accounts in over 150 different organizations. While organizations in the United States have received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian work and human rights,” Microsoft said in a statement.
Microsoft noted that many attacks were automatically blocked by antivirus software and the company’s own security software. The company said it is currently notifying all customers targeted by the attack.
“The forensic investigation into this security incident is ongoing,” USAID Acting Spokesperson Pooja Jhunjhunwala said in a statement. “USAID has notified and is working with all appropriate federal authorities, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.”
Cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates for phishing emails suggest the attacker “has probably been successful in breaching targets”.
Nobelium, which originates from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine US government agencies, was stealthy and continued for most of 2020 before being detected in December by cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy — easy to detect.
Nobelium launched the attacks this week by breaking into an email marketing account used by the United States Agency for International Development (USAID) and from there launching phishing attacks against numerous other organizations, Microsoft said.
Microsoft released photos showing an example of a phishing email sent from the email marketing account to infiltrate other organizations.
The hack of information technology company SolarWinds, which was identified in December, gave hackers access to thousands of businesses and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.
This month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack, but said he was “flattered” by accusations from the United States and Britain that Russian foreign intelligence services were behind such sophisticated hacking.
The US and Britain blamed Russia’s Foreign Intelligence Service (SVR), the successor to the KGB’s foreign spy operations, for the hack that compromised nine US federal agencies and hundreds of private sector companies.
The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence-gathering efforts, Microsoft said.
The Associated Press contributed to this report.