The Russian hackers behind last year’s massive SolarWinds data breach are back in action — and have targeted more than 150 organizations this week, according to Microsoft.
The group, known as Nobelium, has targeted government agencies, think tanks, consultants and non-governmental organizations, Microsoft said. The majority of the victims are located in the US, but organizations in 24 countries have been targeted, according to the company.
This week’s attack reportedly escalated after the hackers gained access to an online email marketing account used by the United States Agency for International Development, the foreign aid and development assistance arm of the federal government.
The hackers then used the mass-emailing marketing service Constant Contact on Tuesday to imitate the agency and “distribute malicious URLs to a wide variety of organizations and industry verticals,” Microsoft said in a Thursday blog post, adding that about 3,000 email accounts were targeted.
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Microsoft vice president of customers security and trust Tom Burt wrote in another blog post.
The hacking campaign was known to Microsoft starting in January but escalated significantly when Nobelium accessed the USAID account this week, according to Microsoft.
“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” Burt said.
Nobelium first gained notoriety in December 2020 after gaining access to email accounts belonging to key US government officials, including then-acting Secretary of the Department of Homeland Security Chad Wolf and several members of the department’s cybersecurity team.
The Russian government has denied responsibility for Nobellium’s actions, but US President Joe Biden has blamed Moscow for the SolarWinds hack and sanctioned Russian government and intelligence officials in retaliation.
Microsoft stopped short of blaming Russia’s government for the attack in Thursday’s blog posts, but said that the goals of the hackers seemed to align with Moscow’s foreign policy goals.
“Nobelium’s activities and that of similar actors tend to track with issues of concern to the country from which they are operating,” said Burt. “This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, with the focus of these attacks by Nobelium on human rights and humanitarian organizations.”
This week’s events are sure to increase tension when Biden meets with Russian President Vladimir Putin on June 16 — the first face-to-face encounter between the two men since Biden was elected president.