Russian hackers target aid groups in new cyber-attack, says Microsoft

Microsoft says another wave of Russian cyber-attacks has targeted government agencies and human rights groups in 24 countries, most in the US.

It said about 3,000 email accounts at more than 150 different organisations had been attacked this week.

May 28, 2021: Microsoft is warning of an active cyberattack campaign, apparently launched by Russia-based hackers, that appears to be targeting U.S. government agencies and other groups. NBC chief White House correspondent Kristen Welker reports for TODAY.

The group responsible was the same one that carried out last year’s SolarWinds attacks, which Russia’s Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber-attacks.

The Kremlin on Friday said it had no knowledge of the latest hacks, and called on the US tech giant to answer further questions, including how it was linked to Russia.

How were the new cyber-attacks mounted?

In a blog post published late on Thursday, Microsoft said the new attacks targeted government agencies involved in foreign policy as part of “intelligence gathering efforts”.

It said at least a quarter of the organisations targeted were involved in international development, humanitarian and human rights work.

While most were in the US, targeted victims spanned at least 24 countries.

Jan 17, 2021: Let’s talk about Biden’s USAID pick and foreign policy stores (How USAID is used to gain influence in other countries)

According to Microsoft, Nobelium, a group originating in Russia, launched this week’s attacks by gaining access to an email marketing account used by the US federal government’s aid agency, USAID.

Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (Cisa) told CBS News authorities were aware of the attack and were trying “to better understand the extent of the compromise and assist potential victims”.

Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions.

Last year, hackers used US company SolarWinds’ Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software.

The SVR was blamed by the UK and US for the hack. It has denied involvement.

Can this be stopped?

It was only last month that Washington took aim at Russia’s hackers – calling out the SVR, it’s foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred.

The head of the SVR told the BBC it had nothing to do with that last campaign, even suggesting America could have hacked itself. And now Microsoft has discovered a new campaign by the same group.

It may not be as sophisticated or stealthy as the last but it’s very brazenness will be what concerns Washington.

It will further raise the question – with a summit between US President Joe Biden and his Russian counterpart Vladimir Putin in a few weeks – about whether anything can be done to contain this threat.

Published by amongthefray

News with a historical perspective. Fighting against misinformation, hate, and revisionist history.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with
Get started
%d bloggers like this: