Microsoft said the latest attack it detected from the cyber attackers responsible for the SolarWinds breaches was largely unsuccessful, meaning that Microsoft has not discovered a significant number of compromised organizations.
The hacking campaign against SolarWinds computer network management software, revealed last year, compromised nine federal agencies, and the Biden administration responded by imposing sanctions on Russia and attributing the breach to the Russian Foreign Intelligence Service (SVR).
Last week, Microsoft said it saw the same hackers involved in the SolarWinds intrusions targeting US organizations, including government agencies, think tanks, consultants, and non-governmental groups.
The most recent breach began when the hackers gained access to the Constant Contact account of the United States Agency for International Development, according to Microsoft corporate vice president Tom Burt. Constant Contact is a company that makes email marketing software.
The Cybersecurity and Infrastructure Security Agency (CISA) said on Saturday that hackers sent malicious emails to 350 organizations and that CISA had not detected a “significant impact” on federal government agencies as a result of the hacking effort.
The most recent attack was a far cry from the cyberattack on Colonial Pipeline, a major US fuel supplier, whose response to a ransomware attack led to fuel shortages earlier this year, Burt wrote on the Microsoft blog on Saturday. He also contrasted the most recent hack with previous SolarWinds breaches.
“The phishing attacks of the past week, by contrast, targeted espionage targets and did not corrupt a core process essential to the security of the digital ecosystem,” Burt wrote. “And, due in part to our early discovery and good defensive technology, last week’s attacks were mostly unsuccessful. Yet more shocking nation-state attacks continue to occur.”
Burt wrote that the SolarWinds hack and the latest intrusion combined with other recent breaches show the need for the private sector and government to accelerate their cybersecurity work. He wrote that clearer rules should be established for nation-state cyber conduct and what actions are considered to have crossed acceptable lines.