The cyberattacks responsible for the SolarWinds hack struck American organizations again this week, Microsoft said.
Russian hackers who according to US intelligence are behind the SolarWinds breach that previously compromised government networks this week, persecuted government agencies, think tanks, consultants and non-governmental organizations, said the corporate vice president. from Microsoft, Tom Burt.
“This wave of attacks targeted approximately 3,000 email accounts in more than 150 different organizations,” Burt wrote on the Microsoft blog. “While organizations in the United States received most of the attacks, the targeted victims span at least 24 countries. At least a quarter of the selected organizations were involved in international development, humanitarian and human rights work ”.
Burt said Thursday that the hackers’ latest effort began when they gained access to the US Agency for International Development (USAID) account with Constant Contact, a company that makes email marketing software.
“We are aware that a bad actor accessed one of our client’s account credentials to send malicious emails,” Constant Contact said on Twitter Friday morning. “This appears to be an isolated incident. We have temporarily disabled the affected accounts and we are collaborating with the client while they work with law enforcement agencies. “
While the hacking campaign could be Constant Contact’s first brush with hackers, it is not an isolated incident for the US government. The SolarWinds computer network management software hack that was made publicly known last year. past involved nine federal agencies.
The Biden administration attributed the SolarWinds hack to Russia’s Foreign Intelligence Service (SVR) and imposed sanctions on Russia in response.
Microsoft said on Friday that the new hack was carried out by “Nobelium,” which according to the company was the “same actor” behind the SolarWinds hack.
“These attacks appear to be a continuation of Nobelium’s multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt wrote.
Mr. Burt said Microsoft automatically blocked “many of the attacks” targeting its customers and notifies everyone affected.
Microsoft also warned that “nation-state cyberattacks are not slowing down” and said it has become clear that the hackers’ playbook is to infiltrate trusted technology providers to infect their customers.