Russian hackers backing SolarWinds ’intelligence campaign have launched a new attack on the cyber world by hijacking an email system used by a U.S. government agency, according to Microsoft on Thursday.
The US technology company SAYS the group launched attacks this year targeting 3,000 email accounts of more than 150 government agencies, think-tanks, consultants and non-governmental organizations.
Microsoft began tracking the effort in January, but the attacks grew this week after hackers hijacked a mass email system called Constant Contact to appear as the United States Agency for International Development. They use it to launch a malicious email, or phishing, campaign in which hackers can perform “multiple activities from stealing data to affecting other computers on a network” if a recipient is click on a link in a message.
The scheme, which Microsoft said was an “active incident”, primarily focused on the US but reached at least 24 countries. At least a quarter of the targets are related to international development, humanitarian work and human rights.
The company says the attacks were by the same Russian group that carried out the explosion. SolarWinds surveillance campaign discovered last year, when hackers hijacked software made by the Texas-based company to access the U.S. department of commerce and Treasury, as well as other local and federal agencies. the Said the White House last month the group about the Russian Foreign Intelligence Service.
Joe Biden, the head of the United States, faced calls to strengthen the country’s cyber defense after the campaign, recently Chinese state -supported spy campaign exploiting vulnerabilities in Microsoft’s email software and an attack on the US petroleum pipeline company of a criminal group this month.
Microsoft says “most of the attacks” targeting its customers are blocked because automated systems mark emails as spam and its systems block malicious software from accessing.
It is unclear if any organizations have violated despite these security measures. Microsoft declined to comment.
Tom Burt, vice president of corporate security and customer trust at Microsoft, said the latest attacks “seem to be a continuation of many efforts to [the hackers] to target government agencies involved in foreign policy as part of intelligence -gathering efforts ”.
“When it comes to attacking SolarWinds, that’s clearly part of [the hackers’] The playbook is to gain access to trusted technology providers and attract their customers, ”he added.
Constant Contact states that it “is aware that the account credentials of one of our customers have been compromised and used by a malicious artist to access the customer’s Constant Contact accounts.”
“This is an isolated incident, and we have temporarily released the affected accounts while we work in cooperation with our customer, who is working on law enforcement,” it added.
#techFT brings you news, comment and analysis on major companies, technologies and issues shaping the fastest moving sectors from specialists based around the world. Click here to get #techFT in your inbox.