BELOW SUPERNAV drop zone ⇩

‘SolarWinds’ hackers infiltrate USAID network to phish thousands of email accounts

FILE – In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

MAIN AREA TOP drop zone ⇩

MAIN AREA TOP drop zone ⇩

maylen

https://digital-stage.newsnationnow.com/

AUTO TEST CUSTOM HTML 20241114185800

AUTO TEST CUSTOM HTML 20241115200405

AUTO TEST CUSTOM HTML 20241118165728

AUTO TEST CUSTOM HTML 20241118184948

WASHINGTON (NewsNation Now) — The same group that infiltrated several U.S. government agencies and private organizations during the SolarWinds hack breached the US AID network, according to Microsoft.

The company announced the hack in a blog post Thursday saying the attack targeted thousands of individuals and originated with a breach into the USAID network.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work,” said Microsoft in a statement.

Microsoft noted that many of the attacks were automatically blocked by antivirus software and the company’s own security software. They said they are currently notifying all customers who were targeted in the attack.

“The forensic investigation into this security incident is ongoing,” acting USAID spokesperson Pooja Jhunjhunwala said in a statement. “USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.”

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy – easy to detect.

Nobelium launched this week’s attacks by breaking into an email marketing account used by the United States Agency For International Development (USAID) and from there launching phishing attacks on many other organizations, Microsoft said.

Microsoft released photos showing a sample phishing email that the email marketing account organization sent out to infiltrate other organizations.

The hack of information technology company SolarWinds, which was identified in December, gave hackers access to thousands of companies and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.

This month, Russia’s spy chief denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.

The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.

The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, Microsoft said.

Cybersecurity

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed

Site Settings Survey

 

MAIN AREA MIDDLE drop zone ⇩

Trending on NewsNation

AUTO TEST CUSTOM HTML 20241119133138

MAIN AREA BOTTOM drop zone ⇩

tt

KC Chiefs parade shooting: 1 dead, 21 shot including 9 kids | Morning in America

Witness of Chiefs parade shooting describes suspect | Banfield

Kansas City Chiefs parade shooting: Mom of 2 dead, over 20 shot | Banfield

WWE star Ashley Massaro 'threatened' by board to keep quiet about alleged rape: Friend | Banfield

Friend of WWE star: Ashley Massaro 'spent hours' sobbing after alleged rape | Banfield

Sunny

la

70°F Sunny Feels like 70°
Wind
6 mph SW
Humidity
30%
Sunrise
Sunset

Tonight

A few passing clouds. Low 47F. Winds light and variable.
47°F A few passing clouds. Low 47F. Winds light and variable.
Wind
2 mph N
Precip
9%
Sunset
Moon Phase
Waning Gibbous