 "SolarWinds hackers targeting 150 organisations with phishing: Microsoft")
The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on US and foreign government agencies and think tanks this week using an email marketing account of the US Agency for International Development, Microsoft said.
The effort targeted about 3,000 email accounts at more than 150 different organisations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.
It did not say what portion of the attempts may have led to successful intrusions.
The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was likely having some success in breaching targets.
Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to target government agencies involved in foreign policy as part of intelligence gathering efforts. He said the targets spanned at least 24 countries.
The hackers gained access to USAID's account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to achieve persistent access to compromised machines.
Microsoft said in a separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.
Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider's software updates; this campaign piggybacked on a mass email provider.
With both methods, the company said, the hackers undermine trust in the technology ecosystem.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app