Microsoft has warned about an ongoing, sophisticated cyber attack believed to be the work of the same Russia-linked hackers behind the SolarWinds hack.
Microsoft said the attack appears to be targeting government agencies, think tanks, consultants and non-governmental organizations.
Microsoft believes that about 3,000 email accounts have been targeted across 150 organizations. Victims are spread across more than 24 countries, but the majority are in the United States.
Hackers from a group called Nobelium managed to break into the USAID account on a marketing service called Constant Contact. This allowed them to send real-looking phishing emails.
Microsoft’s post contains a screenshot of one of these emails, which purports to link to documents about election fraud from Donald Trump.
Clicking the link creates a backdoor that allows the attackers to steal data or infect other computers on the same network.
A Constant Contact spokesperson said in a statement: “We understand that one of our customers’ account data has been compromised and used by a malicious actor to access a customer’s Constant Contact accounts.”
“This is an isolated incident, and we have temporarily disabled the affected accounts while we are working in cooperation with our client who works with law enforcement agencies,” he added.
Microsoft says it believes that many of the attacks were automatically blocked, and that the Windows Defender antivirus also limits the spread of the malware.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency endorsed Microsoft’s blog post and encouraged officials to implement the necessary mitigation measures.
Microsoft is calling for new international standards to govern the behavior of nation-states in cyberspace, along with expectations about the consequences for breaking them.
The US government blamed Russia’s foreign intelligence service, the SVR, for the SolarWinds hack.