Microsoft released information about a major cyberattack in a blog post on Thursday. The Russian hackers thought to be behind the catastrophic SolarWinds attack in 2020 have launched another cyberattack. The hacking group, known as Nobelium, targeted more than 150 organizations around the world last week, including government agencies, think tanks, and nongovernmental organizations.
Nobelium sent phishing emails, which are spoof messages designed to trick people into handing over sensitive information. At least 25% of the targeted organizations are involved in international development, humanitarian, and human rights work.
Tom Burt, Microsoft’s corporate vice president of customer security and trust, provided details. According to Burt, these attacks appear to be a continuation of multiple efforts by the hacking group to target government agencies involved in foreign policy as part of intelligence-gathering efforts. Hackers targeted organizations from at least 24 countries.
Microsoft and hackers
The latest major cyberattack comes a month after the U.S. government explicitly said that Russia’s SVR attacked SolarWinds. SVR is a successor to the foreign spying operations of the Soviet KGB.
The Kremlin said on Friday it does not possess any information regarding the cyberattack. Russia also made it clear that Microsoft needs to answer more questions about the incident.
Hackers obtained access to an email marketing account used by the U.S. Agency for International Development. The hacking group used the account to distribute phishing emails that looked authentic but included a malicious file. The file created by Nobelium contains a backdoor that Microsoft calls NativeZone. It can enable a wide range of activities, from stealing data to infecting other computers on a network. Microsoft has started to notify customers affected by the cyberattack.
Such attacks are notable because phishing is essentially a numbers game, and the attackers are playing the odds. For example, if they target 3,000 accounts, it takes only one employee clicking on the link to establish a backdoor.
The SolarWinds attacks that took place in 2020 turned out to be much worse than first expected. Hackers gained access to thousands of computers and government offices that used SolarWinds IT software. Even Microsoft's president described the attack as the largest and most sophisticated attack in history.
In May, Russia’s spy chief Sergei Naryshkin denied responsibility for the SolarWinds cyberattack. Nevertheless, he was “flattered” by the allegations from the U.S. and U.K. that SVR conducted such a sophisticated operation.