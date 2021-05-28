Clear

Microsoft says SolarWinds hackers have struck again at the US and other countries

The hackers behind the SolarWinds attack have launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft. CNN's Matthew Chance reports.

Posted: May 28, 2021 10:10 AM
Updated: May 28, 2021 10:10 AM
Posted By: By Jill Disis and Zahid Mahmood, CNN Business

The hackers behind one of the worst data breaches ever to hit the US government have launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft.

The group, which Microsoft calls "Nobelium," targeted 3,000 email accounts at various organizations this week — most of which were in the United States, the company said in a blog post Thursday.

It believes the hackers are part of the same Russian group behind last year's devastating attack on SolarWinds — a software vendor — that targeted at least nine US federal agencies and 100 companies.

Cybersecurity has been a major focus for the US government following the revelations that hackers had put malicious code into a tool published by SolarWinds. A ransomware attack that shut down one of America's most important pieces of energy infrastructure — the Colonial Pipeline — earlier this month has only heightened the sense of alarm. That attack was carried out by a criminal group originating in Russia, according to the FBI.

Microsoft said that at least a quarter of the targets of this week's attacks were involved in international development, humanitarian, and human rights work, across at least 24 countries. It said Nobelium launched the attack by gaining access to a Constant Contact email marketing account used by the US Agency for International Development (USAID).

"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," the company said.

USAID acting spokesperson Pooja Jhunjhunwala said Friday that the agency was aware of "potentially malicious email activity" from a compromised Constant Contact marketing account. A forensic investigation into the incident is ongoing, added Jhunjhunwala.

The White House's National Security Council and the US Cybersecurity and Infrastructure Security Agency (CISA) are both aware of the incident, according to spokespeople. CISA is "working with the FBI and USAID to better understand the extent of the compromise and assist potential victims," a spokesperson said.

By gaining access to USAID's account, the hackers were able to send out phishing emails that Microsoft said "looked authentic but included a link that, when clicked, inserted a malicious file" that allowed the hackers to access computers through a backdoor.

"This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network," Microsoft said.

One of the fake emails that appeared to originate from USAID included an authentic sender address. The email posed as a "special alert" that invited recipients to click on a link to "view documents" from former President Donald Trump on election fraud.

Microsoft said that many of the attacks were blocked automatically. The company is notifying customers who were targeted, and said it has "no reason to believe these attacks involve any exploit against or vulnerability in Microsoft's products or services."

A spokesperson for Constant Contact said the company is "aware that the account credentials of one of our customers were compromised," describing it as an "isolated" incident. "We have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement," the spokesperson added.

At the time of the SolarWinds hack, US intelligence and law enforcement agencies said the group responsible "likely originated in Russia," adding that the attack was believed to be an act of espionage.

Microsoft reiterated those suspected motivations in its Thursday blog post, saying that "when coupled with the attack on SolarWinds, it's clear that part of Nobelium's playbook is to gain access to trusted technology providers and infect their customers."

"By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem," the company said.

The latest disclosure shows how Russia has been undeterred by recent US efforts to hold the Kremlin accountable and bolster cybersecurity following the SolarWinds campaign, said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

"The Russians have a campaign plan for massive attacks against US targets, for which they have no incentive to stop," Lewis said. "They aren't afraid of the US response. They are testing the new administration."

Kremlin spokesman Dmitry Peskov on Friday refused to comment on the specifics of Microsoft's allegations.

"To answer your question we first need to answer the following: which groups? Why are they linked to Russia? Who attacked what? What did this lead to? What was the attack itself? And how does Microsoft know about it? If all of these questions are answered, we can think about the response [to your question]," Peskov told CNN in a conference call with journalists.

He added that he didn't think the allegations would affect the upcoming summit between US President Joe Biden and Russian President Vladimir Putin.

— Anna Chernova, Zahra Ullah, Jennifer Hansler, Brian Fung and Alex Marquardt contributed to this article.

Related Content

Scroll for more content...
Terre Haute
Cloudy
67° wxIcon
Hi: 67° Lo: 64°
Feels Like: 67°
Robinson
Cloudy
66° wxIcon
Hi: 70° Lo: 64°
Feels Like: 66°
Indianapolis
Cloudy
66° wxIcon
Hi: 67° Lo: 65°
Feels Like: 66°
Rockville
Cloudy
56° wxIcon
Hi: 65° Lo: 63°
Feels Like: 56°
Casey
Cloudy
58° wxIcon
Hi: 67° Lo: 65°
Feels Like: 58°
Brazil
Cloudy
67° wxIcon
Hi: 67° Lo: 65°
Feels Like: 67°
Marshall
Cloudy
67° wxIcon
Hi: 67° Lo: 64°
Feels Like: 67°
Scattered Showers & Thundershowers
WTHI Planner
WTHI Temps
WTHI Radar

Most Popular Stories

Latest Video

Image

Sullivan man arrested, accused of sex crimes against a child

Image

Friday: Scattered showers and maybe a thundershower. Breezy and turning cooler. High: 69°

Image

Edgewood ends West Vigo season

Image

South Vermillion Softball Claims Their 4th Straight Sectional Title

Image

South Vermillion wins softball sectional title on walk-off

Image

Will Staal leaving THS

Image

Dillion taking over at THN

Image

Local gym makes an economic rebound

Image

Brood X Cicadas arrive at West Boggs Park

Image

Pickleball courts coming to Washington

WTHI Events

 

In Case You Missed It

${article.thumbnail.title}

Trace Adkins: The Way I Wanna Go Tour

${article.thumbnail.title}

After putting their 2020 event on hold - Pedal Putnam set for this fall

Image

SCAM ALERT: Rental car shortage leads to phony deals

Image

SCAM ALERT: Protect yourself from scams during National Moving Month

${article.thumbnail.title}

SCAM ALERT: Don't be duped by cute faces

${article.thumbnail.title}

SCAM ALERT: Fake free trials for CBD

${article.thumbnail.title}

Scam Alert: Homework Extortion

${article.thumbnail.title}

SCAM ALERT: Don't fall for travel cons

${article.thumbnail.title}

Family returns lost wallet full of cash, gets rewarded for good deed

Image

Isolated wetlands at risk with new Senate Bill

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1379197

Reported Deaths: 25101
CountyCasesDeaths
Cook55246610261
DuPage916581296
Will764721012
Lake679411003
Kane59088788
Winnebago33752489
Madison30769522
McHenry28983290
St. Clair28072517
Peoria23358328
Champaign20925148
Sangamon18970237
McLean18448182
Tazewell17118298
Rock Island15176320
Kankakee14397213
Kendall1320996
LaSalle12694247
Macon10909206
DeKalb10026120
Vermilion9892135
Adams8596124
Williamson7500133
Whiteside7186172
Boone677575
Ogle616283
Grundy595276
Clinton577590
Coles572799
Knox5607152
Jackson507064
Henry505069
Livingston486787
Stephenson480184
Woodford479779
Macoupin475987
Effingham474372
Franklin450776
Marion4491116
Jefferson4405121
Monroe436894
Lee418452
Randolph414586
Fulton402359
Logan393562
Morgan391682
Christian377073
Montgomery376974
Bureau375782
Fayette319655
Perry319260
Iroquois307466
McDonough289050
Jersey270650
Douglas259834
Saline258555
Lawrence240725
Shelby231237
Union226440
Crawford213326
Bond208024
Cass200427
Ford183348
Jo Daviess182424
Warren182347
Clark182233
Wayne180253
Pike179953
Hancock178131
Carroll176436
Richland175940
Edgar174140
White170226
Washington164825
Moultrie162128
De Witt155628
Mason153045
Piatt151914
Clay148643
Mercer148634
Johnson146115
Greene144833
Massac135440
Wabash135012
Cumberland129719
Menard124112
Jasper115618
Marshall108119
Hamilton83815
Schuyler7757
Brown7236
Pulaski6957
Stark64324
Edwards57412
Henderson52714
Calhoun5192
Putnam4863
Scott4841
Alexander47011
Gallatin4624
Hardin38912
Pope3264
Out of IL10
Unassigned02383

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 742353

Reported Deaths: 13583
CountyCasesDeaths
Marion1016881760
Lake54864994
Allen41321685
St. Joseph36681557
Hamilton36102410
Elkhart29129449
Tippecanoe22650222
Vanderburgh22458398
Porter19158320
Johnson18194382
Hendricks17456316
Clark13098192
Madison12871340
Vigo12538251
LaPorte12256219
Monroe12042172
Delaware10867189
Howard10142222
Kosciusko9554117
Hancock8446142
Bartholomew8122156
Warrick7823155
Floyd7713179
Grant7164175
Wayne7114199
Boone6823102
Morgan6665140
Dubois6186117
Marshall6176114
Cass5946107
Dearborn586178
Henry5845106
Noble573285
Jackson506174
Shelby498296
Lawrence4661121
Gibson441592
Harrison438373
DeKalb435585
Clinton432353
Montgomery428189
Whitley402440
Huntington398880
Steuben394557
Miami387868
Jasper379552
Knox374590
Putnam367660
Wabash358281
Adams343955
Ripley343470
Jefferson332982
White322653
Daviess300199
Wells293681
Decatur288192
Fayette283863
Greene283585
Posey272634
LaGrange270971
Scott268355
Clay262547
Randolph243582
Washington243233
Spencer233431
Jennings232849
Starke224655
Fountain215846
Sullivan212642
Owen207356
Jay199231
Fulton197841
Carroll191920
Orange187254
Perry185837
Rush174725
Vermillion171444
Franklin169335
Tipton164645
Parke147516
Pike136434
Blackford135332
Pulaski118246
Newton110835
Brown103141
Crawford101616
Benton99314
Martin90715
Warren82915
Switzerland8018
Union72510
Ohio57711
Unassigned0416