The Russian hackers believed to be behind the catastrophic SolarWinds attack last year launched another major cyberattack, Microsoft warned Thursday.
Microsoft said in a blog post that the hacking group known as Nobelium attacked over 150 organizations worldwide in the past week, including government agencies, think tanks, consultants and non-governmental organizations.
They sent phishing emails – fake messages designed to trick people into disclosing sensitive information or downloading malicious software – to more than 3,000 email accounts, the tech giant said.
At least 25% of the target organizations are involved in international development, humanitarian and human rights work, wrote Tom Burt, corporate vice president of customer security and trust at Microsoft.
“These attacks appear to be a continuation of Nobelium’s multiple intelligence-gathering efforts to target government foreign policy agencies,” Burt said.
According to Microsoft, organizations in at least 24 countries have been affected, with the US receiving the largest share of attacks.
The breach was discovered three weeks before President Joe Biden’s scheduled meeting with Russian President Vladimir Putin in Geneva.
It also comes a month after the US government explicitly stated that the SolarWinds hack was carried out by the Russian Foreign Intelligence Service (SVR), a successor to the KGB’s overseas espionage operations.
The Kremlin said Friday it had no information about the cyberattack and that Microsoft needed to answer more questions, including how the attack relates to Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.
The hack explained
According to Microsoft, Nobelium gained access to an email marketing account used by the U.S. Agency for International Development, the federal government’s aid agency. The account is managed on a platform called Constant Contact.
Burt said Nobelium used the account to “distribute phishing emails that looked authentic but contained a link that inserted a malicious file when clicked.”
The file contains a backdoor that Microsoft calls NativeZone, which “can enable a wide variety of activities from stealing data to infecting other computers on a network,” Burt said. Microsoft is in the process of notifying customers who have been targeted.
The SolarWinds attack uncovered in December turned out to be much worse than initially expected. It gave the hackers access to thousands of companies and government agencies that were using SolarWinds IT software.
Microsoft President Brad Smith described the attack as “the biggest and most sophisticated attack the world has ever seen.”
Earlier this month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack, but said he was “flattered” by US and UK allegations that Russian foreign intelligence was behind such a sophisticated hack.