According to a warning released late Thursday evening by Microsoft, the hackers behind the massive SolarWinds attack are trying to gain access to the email systems of thousands in Western governments, think tanks and NGOs that may be opposed to the Russian government.
According to Microsoft, the hackers, dubbed Nobelium by researchers, have targeted about 3,000 email accounts at more than 150 organizations. The hacking attempts were first identified in January this year and are ongoing, according to the company.
“While organizations in the United States have received the largest number of attacks, the targeted victims cross at least 24 countries,” Microsoft said in a statement. “At least a quarter of the targeted organizations have been involved in international development, humanitarian and human rights work. Nobelium, originally from Russia, is the same player behind the attacks on SolarWinds customers in 2020.”
One of the targets, according to Microsoft, was the Constant Contact account of the United States Agency for International Development (USAID), an agency apparently designed to administer foreign aid and encourage business development around the world.
“From there, the actor managed to distribute phishing emails that appeared to be authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor called NativeZone,” Microsoft explains.
“This backdoor could trigger a wide range of activities from stealing data to infecting other computers on a network,” Microsoft said.
Why would Russia want to go after USAID? Well, the agency has sometimes been used as a regime change tool, such as when USAID secretly created a text-based version of Twitter for Cuba in 2010 in an effort to sow anger at the country’s leader, Fidel Castro. The Associated Press reported that story in 2014, and Castro died in 2016.
But officially, Microsoft has given three reasons for the recent attacks:
First, when coupled with the attack on SolarWinds, it is clear that a part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers. By piggybacking on software updates and now mass e-mail providers, Nobelium increases the chances of collateral damage in espionage operations and diminishes confidence in the technological ecosystem.
Second, perhaps unsurprisingly, the activities of Nobelium and of similar actors tend to track with issues of importance to the country from which they operate. This time Nobelium targeted several humanitarian and human rights organizations. At the time of the Covid-19 pandemic, Russian actor Strontium targeted health organizations involved in vaccines. In 2019, Strontium targeted sports and anti-doping organizations. And we’ve already reported activities from Strontium and other players targeting major elections in the United States and elsewhere. This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation states to achieve a wide variety of political goals, with the focus of these attacks by Nobelium on human rights and humanitarian organizations.
Third, the cyberattacks of nation states are not slowing down. We need clear rules governing the behavior of nation states in cyberspace and clear expectations of the consequences for violating those rules. We must continue to rally around the progress made by the Paris Call for Trust and Security in Cyberspace, and more widely adopt the recommendations of the Cybersecurity Tech Accord and the CyberPeace Institute. But we need to do more. Microsoft will continue to work with willing governments and the private sector to advance the cause of digital peace.
The SolarWinds hack has been one of the worst attacks on computers in the United States, dropping malicious code on some of the most sensitive computer systems managed by the US government and its contractors. Most people believe that the SolarWinds attack was carried out at the behest of Russian President Vladimir Putin, and Microsoft is not very subtle in its new statement about who is behind this latest attack.
Nobelium is coming for Putin’s critics and it isn’t giving up, at least if you believe Microsoft, which shouldn’t come as a surprise. It’s just another day in the New Cold War.