The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted phishing assault on US and foreign government agencies and thinktanks this week using an email marketing account of the US Agency for International Development (USAid), Microsoft has said.

The effort targeted about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt wrote in a blogpost on Thursday.

Microsoft identified the attack’s perpetrators as Nobelium, a group originating in Russia that was also behind the attacks on SolarWinds customers in 2020.

“Nation-state cyber-attacks aren’t slowing,” Burt wrote. “We need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules.”

A spokesperson for the US Cybersecurity and Infrastructure Security Agency said it was investigating with other agencies: “We are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”

News of the attacks came just over a month after the US expelled Russian diplomats and imposed sanctions against Russian officials and companies in an effort to crack down on election interference and cyber espionage. It precedes a summit between the US president, Joe Biden, and his Russian counterpart, Vladimir Putin, scheduled for next month.

On Friday, the White House confirmed that it would go ahead with the summit despite the attack. A spokesperson, Karine Jean-Pierre, told reporters “we’re going to move forward with that” summit when asked about the hack’s possible impact on the meeting.

Microsoft did not say what portion of the attempts may have led to successful intrusions, though Burt wrote that many attacks targeting the company’s customers were automatically blocked.

Burt said the campaign appeared to be a continuation of efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence-gathering efforts”. He said the targets spanned at least 24 countries, though US organisations represented the largest share of victims.

The cybersecurity company Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggested the attacker was “likely having some success in breaching targets”.

The hackers gained access to USAid’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated 25 May purported to contain new information on 2020 election fraud claims and included a link to malware that allowed the hackers to “achieve persistent access to compromised machines”.