{"id":5785,"date":"2021-05-31T14:50:05","date_gmt":"2021-05-31T12:50:05","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/new-wave-of-phishing-attacks-solarwinds-hackers-target-government-and-ngos"},"modified":"2024-05-07T11:27:03","modified_gmt":"2024-05-07T09:27:03","slug":"new-wave-of-phishing-attacks-solarwinds-hackers-target-government-and-ngos","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/new-wave-of-phishing-attacks-solarwinds-hackers-target-government-and-ngos\/","title":{"rendered":"New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs"},"content":{"rendered":"\n

The group behind the SolarWinds hack is back and has been sending phishing emails to a large number of governmental agencies, companies and NGOs. Microsoft has alerted its customers to this phishing campaign in a recent blog post<\/a>. In Redmond, these repeated attacks are also seen to confirm a long-observed trend.<\/p>\n\n\n\n

Several thousand email accounts impacted<\/h2>\n\n\n\n

According to reports in the media<\/a>, this latest attack has already targeted approximately 3,000 email accounts across more than 150 different organizations \u2013 including government organizations, think tanks, consultants and NGOs. Even though the impacted organizations are spread across 24 countries, the majority of those targeted so far have been based in the United States.<\/p>\n\n\n\n

Analysis indicates that the infamous Russian hacker group Nobelium (also known as APT29 and \u201cCozy Bear\u201d) is behind these attacks. According to experts, this group was also responsible for the SolarWinds hack in fall 2020<\/a>.<\/p>\n\n\n\n

Trustworthy sender: Phishing emails sent from government accounts<\/h2>\n\n\n\n

In the latest case, the attackers first hijacked a marketing service account belonging to the United States Agency for International Development (USAID), which was then leveraged to send phishing mails.<\/p>\n\n\n\n

Microsoft revealed that the phishing emails contained a link which, once clicked, allowed the hackers to access data and infect other computers. The attacks bear the hallmarks of the strategy Nobelium has long been pursuing \u2013 first gain access to technology providers and then infect their customers (known as supply chain attacks). Microsoft has published more in-depth technical background on the methods used by the hackers<\/a> on its Threat Intelligence Center website.<\/p>\n\n\n\n

All-encompassing cybersecurity for the email communication channel<\/h2>\n\n\n\n

The latest attacks once again highlight the vital importance of a comprehensive Email Security<\/a> service with the appropriate phishing filter functionality<\/a> in order to protect enterprise inboxes, regardless of whether they are on-premise or in the cloud. To find out why it is equally advisable to use a cloud-based security service for further protection of your Microsoft 365 environments, take a look at our recent blog post on the subject<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The hacker group Nobelium is back: The latest attacks were launched using a US government agency account. Comprehensive phishing filters remain a vital necessity. <\/p>\n","protected":false},"author":12,"featured_media":5786,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[102,24,3644],"class_list":["post-5785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-security","tag-phishing","tag-solarwinds"],"acf":[],"yoast_head":"\nErneute Phishing-Welle: Solarwinds-Hacker greifen Beh\u00f6rden und NGOs an<\/title>\n<meta name=\"description\" content=\"Die Hackergruppe Nobelium ist weiter aktiv: Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs\" \/>\n<meta property=\"og:description\" content=\"Die Hackergruppe Nobelium ist weiter aktiv. Umfassende Phishing-Filter bleiben ein Muss.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-31T12:50:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:27:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"S\u00f6ren Schulte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Erneute Phishing-Welle: Solarwinds-Hacker weiter aktiv\" \/>\n<meta name=\"twitter:description\" content=\"Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"S\u00f6ren Schulte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/\",\"name\":\"Erneute Phishing-Welle: Solarwinds-Hacker greifen Beh\u00f6rden und NGOs an\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg\",\"datePublished\":\"2021-05-31T12:50:05+00:00\",\"dateModified\":\"2024-05-07T09:27:03+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\"},\"description\":\"Die Hackergruppe Nobelium ist weiter aktiv: Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"Schl\u00f6sser Sicherheit Email Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\",\"name\":\"S\u00f6ren Schulte\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Erneute Phishing-Welle: Solarwinds-Hacker greifen Beh\u00f6rden und NGOs an","description":"Die Hackergruppe Nobelium ist weiter aktiv: Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/","og_locale":"en_US","og_type":"article","og_title":"New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs","og_description":"Die Hackergruppe Nobelium ist weiter aktiv. Umfassende Phishing-Filter bleiben ein Muss.","og_url":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2021-05-31T12:50:05+00:00","article_modified_time":"2024-05-07T09:27:03+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg","type":"image\/jpeg"}],"author":"S\u00f6ren Schulte","twitter_card":"summary_large_image","twitter_title":"Erneute Phishing-Welle: Solarwinds-Hacker weiter aktiv","twitter_description":"Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.","twitter_misc":{"Written by":"S\u00f6ren Schulte","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/","url":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/","name":"Erneute Phishing-Welle: Solarwinds-Hacker greifen Beh\u00f6rden und NGOs an","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg","datePublished":"2021-05-31T12:50:05+00:00","dateModified":"2024-05-07T09:27:03+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d"},"description":"Die Hackergruppe Nobelium ist weiter aktiv: Die j\u00fcngsten Attacken erfolgten \u00fcber den Account einer US-Beh\u00f6rde. Umfassende Phishing-Filter bleiben ein Muss.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/06\/jon-moore-bBavss4ZQcA-unsplash.jpg","width":1920,"height":1080,"caption":"Schl\u00f6sser Sicherheit Email Security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/erneute-phishing-welle-solarwinds-hacker-greifen-behoerden-und-ngos-an\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"New Wave of Phishing Attacks: SolarWinds Hackers Target Government and NGOs"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d","name":"S\u00f6ren Schulte","url":"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/5785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=5785"}],"version-history":[{"count":17,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/5785\/revisions"}],"predecessor-version":[{"id":10480,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/5785\/revisions\/10480"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/5786"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=5785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=5785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=5785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}