Russian hackers behind the SolarWinds espionage campaign have carried out a new wave of global cyber attacks by hijacking an email system used by a US government agency, Microsoft said on Thursday.
The US technology company said the group had this year launched attacks targeting about 3,000 email accounts at more than 150 government agencies, think-tanks, consultancies and non-governmental organisations.
Microsoft began tracking the effort in January, but said the attacks escalated this week after the hackers compromised a mass-mailing service called Constant Contact in order to pose as the US Agency for International Development (USAID). They used it to launch a malicious email, or phishing, campaign through which the hackers could carry out “a wide range of activities from stealing data to infecting other computers on a network” if a recipient clicked on a link in a message.
The scheme, which Microsoft described as an “active incident”, focused primarily on the United States but reached at least 24 countries. At least a quarter of the targeted organisations were involved in international development, humanitarian and human rights work.
The company attributed the attacks to the same Russian group that carried out the sweeping SolarWinds espionage campaign discovered last year, in which hackers hijacked software made by the Texas-based company to gain access to the US Department of Commerce and the Treasury, as well as other local and federal agencies. The White House said last month that the group was part of Russia’s Foreign Intelligence Service, the SVR.
Joe Biden, the US president, has faced calls to bolster the country’s cyber defences following that campaign, a recent espionage campaign backed by the Chinese state that exploited vulnerabilities in Microsoft’s email software, and an attack on a US oil pipeline carried out by a criminal group this month.
The Biden administration has imposed sanctions on Russia and this month signed an executive order requiring higher computer security standards for federal agencies and their software suppliers.
Microsoft said “many of the attacks” aimed at its customers were blocked because automated systems marked the emails as spam and its security systems prevented the malicious software from gaining access.
It is unclear whether any organisations were breached despite these security measures. Microsoft declined to comment.
Tom Burt, Microsoft’s corporate vice-president for customer security and trust, said the latest attacks “appear to be a continuation of multiple efforts by [the hackers] to target government agencies engaged in foreign policy as part of information gathering efforts”.
“When coupled with the attack on SolarWinds, it’s clear that part of [the hackers’] playbook is about gaining access to trusted technology providers and infecting their customers,” he added.
Constant Contact said it was “aware that the account credentials of one of our customers were compromised and used by a malicious actor to access the customer’s Constant Contact accounts.”
“This is an isolated incident, and we are temporarily disabling the impacted accounts while working in cooperation with our customer, who is working with law enforcement,” it added.
#techFT brings you news, comment and analysis on the big companies, technologies and issues shaping this fast-moving sector, from specialists based around the world. Click here to get #techFT in your inbox.