Microsoft says another wave of cyber attacks by Russia has targeted government agencies and human rights groups in 24 countries, mostly in the US.
It said some 3,000 email accounts at more than 150 different organizations have been attacked this week, the BBC reported on Friday (28/5/2021).
Microsoft says the group responsible is the same group as the perpetrators of last year’s SolarWinds attack. There is also an attack that was accused of being carried out by the Russian Foreign Intelligence Service (SVR).
Russia denies both cyber attacks. On Friday (28/5/2021), the Kremlin confirmed that it was not aware of the latest hack. Instead, Russia asked the US technology giant to answer further questions, including how the attack was linked to Russia.
The latest cyber attack
In a blog post published late Thursday (27/5/2021), Microsoft said the new attacks targeted government agencies involved in foreign policy.
The raid operation is believed to have been carried out as part of an “intelligence gathering effort”. A quarter of the organizations targeted by the Russian cyberattack are said to be involved in international development, humanitarian work and human rights. Most of them are in the US, and have operations spanning at least 24 countries.
Microsoft says Nobelium (a group from Russia), launched the attack this week. The hackers took advantage of a marketing email account, which is used by the US federal government aid agency, USAID.
The group then sent an email that looked genuine, but included a link that infiltrated the malicious file once it was clicked. The hacker’s files allow data theft and infect other computers on the network. A spokesman for the US Agency for Cyber Security and Infrastructure (Cisa) told CBS News that authorities were aware of the attack. They are trying to “better understand the extent of the hacking, and help potential victims.” According to Microsoft, many attacks targeting its customers have been blocked automatically.
It was not immediately clear how many successful attempts to cause disruption. Last year, hackers used the US company SolarWinds’ Orion platform to target US government departments, some 100 private companies, and a small number of British organizations. In the end, nearly 18,000 customers installed the malicious software. SVR was blamed by the UK and US for the hack. But denied involvement.
Just last month Washington targeted Russian hackers, and labeled the SVR the Kremlin’s foreign intelligence agency, in connection with the SolarWinds attack. The US also issued sanctions for the group’s activities. But Moscow shows no sign of budging. The head of the SVR told the BBC it had nothing to do with the latest attack. In fact, the SVR accuses the US of hacking itself. And now Microsoft has found a new campaign from the same group.
This latest attack may not be as crucial and secretive as the last one, but what concerns Washington is the nonchalance of the perpetrators. The incident raises questions regarding a summit between US President Joe Biden and his Russian rival Vladimir Putin in weeks. In particular the issue relates to whether anything can be done to contain this threat.
