Microsoft announced Thursday that the Russian hackers behind last year’s SolarWinds data breach have now launched a new global cyberattaack aimed at government agencies and human rights groups in 24 countries, most in the U.S.
According to Microsoft, Nobelium, a hacker group that is believed to be run by Russia’s Foreign Intelligence Service, launched an attack this week targeting 3,000 email accounts at more than 150 government agencies, think tanks, and other organizations.
“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” Microsoft corporate vice president Tom Burt said in a written statement. “Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”
The hackers launched this week’s attacks by gaining access to an email marketing account used by the US federal government’s aid agency, USAID. Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.
A spokesperson for the US Cybersecurity and Infrastructure Security Agency (Cisa) told CBS News they were aware of the attack and were trying “to better understand the extent of the compromise and assist potential victims”.
Russia has denied both cyber-attacks, Newsweek reports.
The Kremlin on Friday said it had no knowledge of the latest hacks, and called on Microsoft to answer further questions, including how it was linked to Russia.