Written by FRANK BAJAK
The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.
The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.
It did not say what portion of the attempts may have led to successful intrusions.
The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”
Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.
The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”
Microsoft said in a separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.
Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.
With both methods, the company said, the hackers undermine trust in the technology ecosystem.