The group of hackers named “Nobelium” by Microsoft, which was behind one of the worst data breaches ever faced by the US government, is back at it again. According to Microsoft, the hackers have launched a cyberattack on more than 150 government agencies, think tanks and other organizations.
This week, the Nobelium group targeted 3,000 email accounts at various organizations, most of them in the United States.
The news was released by Tom Burt, Microsoft Vice President of Customer Security and Trust, in a blog post. He stated that this group of hackers is believed to be the same Russian group that led last year’s cyberattack on SolarWinds and targeted the systems of around 9 US federal agencies and 100 companies.
Microsoft also said that around a quarter of the companies or organizations attacked this week were involved in international development, humanitarian, and human rights work, across at least 24 countries. The company said that the Nobelium group launched the attack by gaining access to a Constant Contact email marketing account used by the US Agency for International Development (USAID).
According to Microsoft, “These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.” After gaining access to USAID’s account, the hackers sent out phishing emails that looked authentic. However, the emails also “included a link that, when clicked, inserted a malicious file”. This enabled the hackers to get into the system through a backdoor.
Explaining the backdoor, Microsoft said, “This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network.”
Addressing the issue, Pooja Jhunjhunwala, the USAID acting spokesperson, said that the agency “is aware of potentially malicious email activity” from a “compromised Constant Contact marketing account”. She added, “USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).”
CISA is also working to “better understand the extent of the compromise and assist potential victims.”
Moreover, Microsoft said that many of the attacks were blocked automatically and that the company is also notifying the targeted customers. “It is anticipated that additional activity may be carried out by the group using an evolving set of tactics,” said Microsoft. Hence, the systems have been put on alert.