Microsoft has warned of an evolving, ongoing cyber attack believed to be the work of the same Russia-linked hackers behind the SolarWinds hack.
The company said the attack appears to be targeting government agencies, think tanks, consultants and non-governmental organizations.
Microsoft believes that about 3,000 email accounts have been targeted across 150 organizations. Victims are spread across more than 24 countries, but the majority are in the United States.
Hackers from a group called Nobelium managed to break into the USAID account at a marketing service called Constant Contact.
This allowed them to send authentic-looking phishing emails.
Microsoft’s post contains a screenshot of one of these emails, which purports to contain a link to documents about election fraud from Donald Trump.
When clicked, the link creates a backdoor that allows attackers to steal data or infect other computers on the same network.
A Constant Contact spokesperson said in a statement: “We understand that one of our customers’ account data has been compromised and used by a malicious actor to access a customer’s Constant Contact accounts.”
“This is an isolated incident, and we have temporarily disabled the affected accounts while we are working in cooperation with our client who works with law enforcement agencies,” he added.
Microsoft says it believes that many of the attacks were automatically blocked, and that the Windows Defender antivirus also limits the spread of the malware.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency endorsed the Microsoft blog post and encouraged officials to implement the necessary mitigation measures.
These malicious e-mails are a warning that the cyber attacks against US organizations are showing no signs of abating.
They also show that hackers are updating their tactics in response to previous attacks having come to light.
Microsoft is calling for new international standards to govern the behavior of nation-states in cyberspace, along with expectations about the consequences of breaking them.
The US government blamed Russia’s foreign intelligence service, SVR, for hacking SolarWinds.
Russian President Vladimir Putin denied Russia’s involvement in the incident.
The attack is believed to have infiltrated about 100 private sector companies and nine federal agencies.
It is also believed that up to 18,000 SolarWinds customers have been exposed to the malicious code.
In response, President Biden announced new sanctions on Russia and moved to expel 10 Russian diplomats from Washington.