Microsoft: SolarWinds hackers target 150 organizations with phishing – WISH-TV

BOSTON (AP) – The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear phishing attack on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, according to Microsoft.

Efforts were directed against 3,000 email accounts at more than 150 different organizations, at least a quarter of which worked in the areas of international development, humanitarian aid and human rights, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It was not specified what portion of the attempts could have led to successful intrusions, but many of those aimed at Microsoft customers were automatically blocked. “We are also in the process of notifying all of our customers who have been contacted,” said Burt.

Cybersecurity firm Volexity, which also tracked the campaign but has less insight into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest that the attacker is likely having some success in breaching its targets.

Burt said the campaign was a continuation of multiple efforts by Russian hackers to “target foreign policy agencies” as part of intelligence gathering. He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account with Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails, dated May 25, purport to contain new information on election fraud incidents in 2020 and include a link to malware that gives the hackers “permanent access to compromised computers.”

Microsoft said in a separate, technical blog post that the campaign is ongoing and evolved from multiple waves of spear phishing campaigns that were first spotted in January and escalated to this week’s mass mailings.

USAID and Constant Contact did not provide additional details on how the hackers got access. USAID spokeswoman Pooja Jhunjhunwala said Friday that a forensic investigation was ongoing and the agency was working with the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident” in which the affected accounts were temporarily disabled.

The SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was extremely clandestine and lasted for much of 2020 before it was discovered by cybersecurity firm FireEye in December. This campaign, by contrast, is exactly what cybersecurity researchers call loud: easy to recognize.

Microsoft identified the two mass distribution methods used: the SolarWinds hack took advantage of the software update supply chain of a trusted technology provider, while this campaign piggybacked on a mass email provider.

With both methods, the hackers undermine trust in the technology ecosystem.

As in the SolarWinds campaign, the USAID marketing email exploit was first publicized by private sector actors.


Associated Press writer Alan Suderman contributed from Richmond.
