Microsoft warns that Russian hackers used US agency to mount huge cyberattack


Microsoft has announced a large-scale cyberattack allegedly being carried out by hackers linked to Russian intelligence, the same group behind the SolarWinds hack. The hackers gained access to an email system operated by the US Agency for International Development, a government agency specializing in foreign aid, and sent malicious emails to “around 3,000 individual accounts in more than 150 organizations,” according to a threat warning from Microsoft on Thursday.

The hackers appeared to target “many humanitarian and human rights organizations,” said Tom Burt, vice president of Microsoft, in a post on Thursday. Organizations in the US received the largest share of the attacks, but Burt said the targeted victims were in at least 24 countries.

Some of the malicious emails were sent only this week, and Microsoft said the attacks may be ongoing. They appear to be a continuation of efforts by Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering,” Burt said.

This newly exposed cyberattack comes just over a month after the US officially sanctioned Russia for alleged election interference and malicious cyber activity, including the widespread SolarWinds hack. Key intelligence agencies had previously said Russia was the likely origin of the SolarWinds hack, which used compromised software from IT management company SolarWinds to infiltrate several US federal agencies and at least 100 private companies.

In an interview with CNN on Friday, Defense Secretary Lloyd Austin said the US had “a number of offensive options” to respond to cyberattacks, although he did not specifically refer to this latest attack.

“The cyberdomain is really important, it’s part … of the battlefield, it’s part of the architecture, something that we not only have to be careful about but also be dominant,” Austin told CNN.

USAID spokesperson Pooja Jhunjhunwala said the agency was “aware of potentially malicious email activity from a compromised Constant Contact email marketing account,” adding that a “forensic investigation” of the incident was ongoing.

A spokesman for the US Cybersecurity and Infrastructure Security Agency said CISA is working with “the FBI and USAID to better understand the extent of the compromise and to help potential victims.”

Phishing emails that looked authentic

Microsoft said it had been tracking this new hacking campaign since January 2021, but that the situation escalated significantly on Tuesday when the hackers “used the legitimate mass mailing service Constant Contact to impersonate a US development organization and distribute malicious URLs to a wide variety of organizations and industries.” Because of the high volume of malicious email sent, some messages may have been intercepted by spam filters, but others likely made it past automated systems into their intended inboxes, Microsoft said.

If someone clicked the link in the email, it would download a malicious file that Microsoft said could give the hackers “persistent access to compromised systems.” This could potentially allow the hackers to “carry out objectives such as lateral movement, data exfiltration and deployment of additional malware.”


Asked for comment by CNET, a spokesman for Constant Contact said the company had disabled the affected accounts.

“We are aware that one of our customers’ credentials has been compromised and used by a malicious actor to access the customer’s Constant Contact accounts. This is an isolated incident, and we have temporarily disabled the affected accounts while we cooperate with our customer, who is working with law enforcement,” the spokesman said.

Neither the White House nor the Russian Embassy in Washington responded to requests for comment.

[Image: An example of the malicious emails sent by the hackers, as shown in an alert from USAID. Credit: Microsoft]