Microsoft last night warned that the same pro-Russia hackers that carried out the SolarWinds attack last year are now targeting human rights groups and other organizations that are critical of Russian president Vladimir Putin.
“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” Microsoft corporate vice president Tom Burt explains. “Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”
The awkwardly-timed discovery comes just weeks before U.S. president Joseph Biden is scheduled to meet with Mr. Putin in Geneva.
According to Microsoft, Nobelium broke into an email account at a supplier used by the U.S. State Department and sent out 3,000 malicious phishing emails to over 150 organizations with ties to the United States Agency for International Development (USAID), with the goal of setting up backdoors into their networks. Microsoft believes the attacks are ongoing.
“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” Mr. Burt continues. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”
“Nation-state cyberattacks aren’t slowing,” he concludes. “We need to do more. Microsoft will continue to work with willing governments and the private sector to advance the cause of digital peace.”
Tagged with Security