Serviceteam IT Security News

SolarWinds Hackers Go Phishing

American multinational technology company Microsoft says that the threat group behind the Microsoft and SolarWinds hack has launched a massive new phishing campaign targeting government agencies, NGOs and think tanks. 

Last year, an advanced persistent threat (APT) group exploited vulnerabilities in Microsoft and SolarWinds programs to carry out a supply-chain attack that trojanized SolarWinds' Orion business software updates to distribute malware. Nine US federal agencies and over 100 companies were targeted.

According to Microsoft, Russia-based APT group Nobelium was not only behind that attack but is now running a phishing campaign that has already targeted thousands of email accounts around the world.

"This week we observed cyber-attacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations," wrote Microsoft's vice president of customer security and trust, Tom Burt, in a blog post published on Thursday.

"This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations."

Burt said that organizations in at least 24 different countries were impacted, with the majority of victims located in the United States.

At least one in four of the organizations targeted are involved in international development, humanitarian, and human rights work. 

"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," wrote Burt.

Nobelium launched the phishing campaign by gaining access to the Constant Contact account of USAID.

"From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone," wrote Burt. 

"This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network."

Digital Shadows threat researcher Stefano De Blasi said that Nobelium's alleged malicious activity exemplified how targeted phishing campaigns still constitute a serious threat against institutions of any kind. 

He added: "This campaign is the latest testament to this group's objective of collecting sensitive and highly valuable information from Western organizations operating in the government and external affairs field."

Source: Infosecurity Magazine
