Microsoft warns of attacks on authorities and NGOs
The group behind the SolarWinds hack has now apparently sent phishing emails to authorities, consultants and NGOs. Microsoft warns of state-controlled cyber attacks and sees a continuing trend.
The email accounts of around 150 government agencies, think tanks, consulting firms and NGOs have been affected by a phishing attack. Microsoft announced this in a blog post. According to Microsoft, the attack was carried out by Nobelium, the same group that was behind the SolarWinds hack in autumn.
The affected organizations are spread across 24 countries, with most based in the United States. At least a quarter of the organizations are active in the field of humanitarian development aid.
Phishing emails from the government account
The attackers initially gained access to the contacts of the United States’ International Development Cooperation Agency. To do this, they hijacked the agency’s account at the online marketing company Constant Contact and sent phishing emails from there.
A link sent in these emails pointed to a file containing a backdoor that the hackers could use to steal data and to infect other computers.
Many of the emails were automatically blocked. In addition, the potentially affected devices are protected from the malware by Windows Defender. Therefore, there is currently no evidence of actual damage.
Microsoft calls for “rules for cyberspace”
Although the hackers were unsuccessful in this case, Microsoft considers the attack relevant in the context of the SolarWinds hack, because Nobelium’s strategy of gaining access to technology providers and infecting their customers is now becoming clear. This increases the risk of collateral damage and a loss of confidence in the technical infrastructure.
In addition, Microsoft draws a parallel between Nobelium’s activities and Russia’s political interests. State-controlled hacker attacks cannot be ignored. Microsoft demands clear rules for nation states in cyberspace and consequences for violating these rules.
In April, the US government blamed the Russian foreign intelligence service SVR for the SolarWinds hack. The Kremlin denied the allegations.