The group behind the SolarWinds hack is back and has been sending phishing emails to a large number of government agencies, companies and NGOs. Microsoft has alerted its customers to this phishing campaign in a recent blog post. In Redmond, these repeated attacks are also seen as confirmation of a long-observed trend.
Several thousand email accounts impacted
According to reports in the media, this latest attack has already targeted approximately 3,000 email accounts across more than 150 different organizations – including government organizations, think tanks, consultants and NGOs. Even though the impacted organizations are spread across 24 countries, the majority of those targeted so far have been based in the United States.
Analysis indicates that the infamous Russian hacker group Nobelium (also known as APT29 and “Cozy Bear”) is behind these attacks. According to experts, this group was also responsible for the SolarWinds hack in fall 2020.
Trustworthy sender: Phishing emails sent from government accounts
In the latest case, the attackers first hijacked a marketing service account belonging to the United States Agency for International Development (USAID), which was then used to send the phishing emails.
Microsoft revealed that the phishing emails contained a link which, once clicked, allowed the hackers to access data and infect other computers. The attacks bear the hallmarks of the strategy Nobelium has long been pursuing: first gain access to technology providers, then infect their customers (a supply chain attack). Microsoft has published more in-depth technical background on the methods used by the hackers on its Threat Intelligence Center website.
All-encompassing cybersecurity for the email communication channel
The latest attacks once again highlight the vital importance of a comprehensive email security service with appropriate phishing filter functionality to protect enterprise inboxes, regardless of whether they are on-premises or in the cloud. To find out why it is equally advisable to use a cloud-based security service for further protection of your Microsoft 365 environments, take a look at our recent blog post on the subject.