73.56 F
New York
July 31, 2021
CNBC Business

Russian hackers launch major cyberattack through U.S. aid agency’s email system, Microsoft says

Russian hackers launch major cyberattack through U.S. aid agency’s email system, Microsoft says
Spread the Love!

CNBC – For more and to sign up click here

Annette Riedl | Picture Alliance | Getty Images

The Russian hackers thought to be behind the catastrophic SolarWinds attack last year have launched another major cyberattack, Microsoft warned Thursday.

Microsoft said in a blog post that the hacking group, known as Nobelium, had targeted over 150 organizations worldwide in the last week including government agencies, think tanks, consultants, and non-governmental organizations.

They sent phishing emails – spoof messages designed to trick people into handing over sensitive information or downloading harmful software – to more than 3,000 email accounts, the tech giant said.

At least 25% of the targeted organizations are involved in international development, humanitarian, and human rights work, wrote Tom Burt, Microsoft’s corporate vice president of customer security and trust.

 “These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” said Burt.

Organizations across at least 24 countries were targeted, Microsoft said, with the U.S. receiving the largest share of attacks.

The breach has been discovered three weeks before President Joe Biden is scheduled to meet Russian President Vladimir Putin in Geneva.

It also comes a month after the U.S. government explicitly said that the SolarWinds hack was carried out by Russia’s Foreign Intelligence Service (SVR), a successor to the foreign spying operations of the KGB.

The Kremlin said Friday it does not have any information on the cyberattack and that Microsoft needs to answer more questions, including how the attack is linked to Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.

The hack explained

Microsoft said Nobelium gained access to an email marketing account used by the U.S Agency for International Development, which is the federal government’s aid agency. The account is held on a platform called Constant Contact.

Burt said Nobelium used the account to “distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file.”

The file contains a backdoor that Microsoft calls NativeZone that can “enable a wide range of activities from stealing data to infecting other computers on a network,” according to Burt, who said Microsoft is in the process of notifying customers who have been targeted.

The SolarWinds attack, uncovered in December, turned out to be much worse than first expected. It gave the hackers access to thousands of companies and government offices that used SolarWinds IT software.

Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.

Earlier this month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack but said he was “flattered” by the accusations from the U.S and the U.K. that Russian foreign intelligence was behind such a sophisticated hack

Source – Click here for more

To Return to the Main Aggregate News Page – click here

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Click whichever is suitable. Accept Read More