After the SolarWinds (SWI) hack in early 2020 and the Colonial Pipeline hack in May 2021, Microsoft (MSFT) fears that the Russian hacking group known as Nobelium has infiltrated the systems of the US Agency for International Development (USAID), a State Department agency for foreign aid.
On Thursday, Microsoft warned that the group may have breached the agency's email system and sent malicious emails to 3,000 accounts spanning 150 companies.
According to the CISA, the Cybersecurity and Infrastructure Security Agency, the FBI is coordinating with USAID to understand the problem and the extent of danger it may pose. The event coincides with the US imposing sanctions on Russia for alleged election interference and widespread cybercrimes.
Microsoft claims that it initially observed and tracked the campaign from the start of this year, which evolved over a series of waves demonstrating significant experimentation. However, on Tuesday, May 25, the campaign escalated after the hackers “leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals.”
For the attack to succeed, all that is required of the mail's recipient is a click on the URL; that gives the hackers prolonged access to the system, which they can use to “conduct action-on objectives, such as lateral movement, data exfiltration, and delivery of additional malware.”
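The delivery chain described above (a trusted bulk-mailing service relaying mail that presents as another organization and carries links to attacker-controlled hosts) is the kind of pattern a mail-security team can triage with header and link heuristics. The following is an added example, not code from the article or from Microsoft: it parses a constructed sample message, compares the visible From domain with the bounce/relay domain, and extracts link targets that do not belong to the sender's organization. The relay domain list, the sample messages and all domain names are constructed placeholders; the heuristic is generic and does not encode any indicator from the campaign itself.

```python
"""Triage heuristics for mail relayed through a bulk-mailing service.

Added example with constructed data; domains and relay names are placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed set of domains that a bulk-mailing service would use in
# Return-Path / Sender headers. A real deployment would populate this from
# observed mail flow, not from this example.
BULK_RELAYS = {"mailer-relay.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _domain(header_value) -> str:
    """Return the lower-cased domain part of an address header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage_message(raw: bytes, bulk_relay_domains: set[str]) -> dict:
    """Flag bulk-relayed mail whose visible sender and link targets disagree.

    Findings are heuristic signals for analyst review, not verdicts.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = _domain(msg.get("From", ""))
    # Bulk mailers normally set Return-Path (or Sender) to their own domain.
    relay_domain = _domain(msg.get("Return-Path", "")) or _domain(msg.get("Sender", ""))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    urls = URL_RE.findall(text)
    link_domains = {urlparse(u).netloc.lower() for u in urls}

    findings = []
    if relay_domain and relay_domain != from_domain and relay_domain in bulk_relay_domains:
        findings.append("bulk-mailer relay domain differs from visible From domain")
    foreign = {d for d in link_domains if d != from_domain and not d.endswith("." + from_domain)}
    if foreign:
        findings.append("links point outside the sender organization: " + ", ".join(sorted(foreign)))

    return {
        "from_domain": from_domain,
        "relay_domain": relay_domain,
        "urls": urls,
        "link_domains": sorted(link_domains),
        "findings": findings,
    }


# Constructed sample: a message that presents as a development organization
# but is relayed by a bulk mailer and links to an unrelated host.
SUSPECT_EML = (
    b"Return-Path: <bounces@mailer-relay.example>\n"
    b"From: Program Updates <updates@example-devorg.test>\n"
    b"To: staff@recipient.test\n"
    b"Subject: New documents available\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"\n"
    b"Please review the attached files: https://login.example-other.test/track?id=1\n"
)

# Constructed sample: same relay, but links stay on the sender's own domain
# and the relay matches the From domain, so nothing is flagged.
BENIGN_EML = (
    b"Return-Path: <bounces@example-devorg.test>\n"
    b"From: Program Updates <updates@example-devorg.test>\n"
    b"To: staff@recipient.test\n"
    b"Subject: Newsletter\n"
    b"Content-Type: text/plain; charset=utf-8\n"
    b"\n"
    b"Read this month's report at https://www.example-devorg.test/report\n"
)


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_EML), ("benign", BENIGN_EML)):
        result = triage_message(raw, BULK_RELAYS)
        print(label, result["findings"] or ["no findings"])
```

Both checks are deliberately coarse: legitimate newsletters are routinely relayed by third-party mailers and often link to tracking hosts, so these findings should route a message to analyst review or URL detonation rather than block it outright. Aligning the relay with published SPF/DKIM/DMARC policy for the From domain is the natural next step and is left out here to keep the example self-contained.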
Tom Burt, Microsoft’s CVP of customer security and trust, said, “These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as a part of the intelligence-gathering effort.”
While the Kremlin has remained silent, the discovery of this news three weeks before the Geneva summit is what is keeping intelligence officers on their toes.