The Russian group Nobelium is using the USAID email system to hack, Microsoft says


The Russian hackers believed to be behind last year's catastrophic SolarWinds attack have launched another major cyberattack, Microsoft warned, three weeks before President Joe Biden meets Russian President Vladimir Putin.

Microsoft said in a blog post Thursday that the hacking group, known as Nobelium, targeted more than 150 organizations worldwide in the past week, including government agencies, think tanks, consultants and NGOs.

The tech giant said the group sent phishing emails – scams designed to trick people into handing over sensitive information or downloading malware – to more than 3,000 email accounts.

Tom Burt, Microsoft’s vice president of client security and trust, said that at least 25% of the targeted organizations are in international development, humanitarian work and human rights.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence-gathering efforts,” Burt said.

Microsoft said organizations in at least 24 countries were targeted, with the United States receiving the largest share of the attacks.

The breach was discovered three weeks before the Biden-Putin summit in Geneva on June 16.

It also comes a month after the US government openly announced that the SolarWinds hack had been carried out by Russia's SVR, the successor to the foreign espionage operations of the Soviet KGB.

The Kremlin said on Friday that it had no information about the cyber attack and that Microsoft needed to answer more questions, including how the attack relates to Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.

Breach explained

Burt said Nobelium used the account to “distribute fraudulent emails that appeared original but included a link that, when clicked, listed a malicious file.”

The file contains a back door that Microsoft calls NativeZone, which can “enable a wide range of activities from stealing data to infecting other computers on the network,” according to Burt, who said Microsoft is in the process of notifying customers who have been targeted.

A Constant Contact spokesperson told CNBC that the company understands that the account credentials of one of its customers have been compromised and used by a malicious actor to access the customer's Constant Contact accounts.

“This is an isolated incident,” they said, “and we have temporarily disabled the affected accounts while working in cooperation with our client who works with law enforcement.”

Steve Forbes, a government cybersecurity expert at domain name manager Nominet, explained the risks of these types of breaches.

“Phishing attacks are basically a numbers game, and the attackers are playing the odds,” he said in a statement. “If they target 3,000 accounts, it will only take one employee to click on the link to create a back door for hackers in a government institution.”

The SolarWinds attack, uncovered in December, turned out to be much worse than initially expected. It gave hackers access to thousands of companies and government offices that use SolarWinds IT software.

Microsoft chief Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.

Earlier this month, the head of Russian intelligence denied responsibility for the SolarWinds cyber attack, but said he was “satisfied” with accusations from the United States and the United Kingdom that Russian foreign intelligence was behind such a complex hack.

