WASHINGTON (NewsNation Now) — The same group that infiltrated several U.S. government agencies and private organizations during the SolarWinds hack breached the US AID network, according to Microsoft.
The company announced the hack in a blog post Thursday saying the attack targeted thousands of individuals and originated with a breach into the USAID network.
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work,” said Microsoft in a statement.
Microsoft noted that many of the attacks were automatically blocked by antivirus software and the company’s own security software. They said they are currently notifying all customers who were targeted in the attack.
“The forensic investigation into this security incident is ongoing,” acting USAID spokesperson Pooja Jhunjhunwala said in a statement. “USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.”
The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”
Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy – easy to detect.
Nobelium launched this week’s attacks by breaking into an email marketing account used by the United States Agency For International Development (USAID) and from there launching phishing attacks on many other organizations, Microsoft said.
Microsoft released photos showing a sample phishing email that the email marketing account organization sent out to infiltrate other organizations.
The hack of information technology company SolarWinds, which was identified in December, gave hackers access to thousands of companies and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.
This month, Russia’s spy chief denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.
The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.
The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, Microsoft said.
The Associated Press and Reuters contributed to this report.