Russia’s Nobelium Hackers Used USAID Email System To Launch New Attack, Says Microsoft

Annette Riedl | Picture Alliance | Getty Images

Russian hackers believed to be behind the catastrophic SolarWinds attack last year launched another major cyber attack, Microsoft warned three weeks before President Joe Biden meets with Russian President Vladimir Putin.

Microsoft said in a blog post that the hacking group, known as Nobelium, had targeted more than 150 organizations around the world in the past week, including government agencies, think tanks, consultants and non-governmental organizations.

They sent phishing emails – fake messages designed to trick people into handing over confidential information or downloading malicious software – to more than 3,000 email accounts, the tech giant said.

At least 25% of the selected organizations are involved in international development, humanitarian and human rights work, said Tom Burt, Microsoft’s corporate vice president of security and customer trust.

“These attacks appear to be a continuation of Nobelium’s multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt said.

Organizations in at least 24 countries were targeted, Microsoft said, with the United States taking the lion’s share of the attacks.

The breach was discovered three weeks before the Biden-Putin summit in Geneva on June 16.

It also comes a month after the US government explicitly said that the attack on SolarWinds was carried out by Russia’s SVR, a successor to the Soviet KGB’s overseas spy operations.

The Kremlin said on Friday that it does not have any information about the cyber attack and that Microsoft needs to answer more questions, including the relationship between the attack and Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.

The trick explained

Microsoft said Nobelium gained access to an email marketing account used by the US Agency for International Development, which is the federal government’s aid agency. The account is maintained on a platform called Constant Contact.

Burt said Nobelium used the account to “distribute phishing emails that appeared authentic but included a link that, when clicked, inserted a malicious file.”

The file contains a backdoor that Microsoft calls NativeZone that can “allow a wide range of activities, from stealing data to infecting other computers on a network,” according to Burt, who said Microsoft is in the process of notifying customers that they have been attacked.
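The chain described above (a legitimate bulk-mail platform sending a message whose link fetches a file that drops a backdoor) is the kind of thing a mail gateway can triage before anyone clicks. The script below is an added example written for this article, not code from Microsoft or Constant Contact. It assumes two constructed sample messages, uses the presence of a List-Unsubscribe header as a stand-in for "sent through a bulk-mail platform", and treats a link whose path ends in an archive or executable extension, or whose visible text names a different host than the real target, as worth flagging; the extension list is an illustrative assumption, not a list from the article.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of download types a phishing link might point at (illustrative, not from the article).
RISKY_EXTENSIONS = {".iso", ".img", ".zip", ".exe", ".js", ".lnk", ".hta", ".scr"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message: str) -> dict:
    """Return a verdict for one RFC 5322 message: was it bulk-sent, and why it was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    parser = _LinkExtractor()
    parser.feed(html)

    # Heuristic: marketing platforms add List-Unsubscribe; a compromised account still carries it.
    bulk_mailer = msg["List-Unsubscribe"] is not None
    reasons = []
    for href, text in parser.links:
        target = urlparse(href)
        if any(target.path.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            reasons.append(f"link points at a file download: {href}")
        # Visible text that looks like a URL but names a different host than the real target.
        shown = re.match(r"https?://([^/\s]+)", text)
        if shown and shown.group(1).lower() != (target.hostname or "").lower():
            reasons.append(f"display host {shown.group(1)} != target host {target.hostname}")
    if bulk_mailer and reasons:
        reasons.insert(0, "sent through a bulk-mail platform (List-Unsubscribe present)")
    return {"bulk_mailer": bulk_mailer, "flagged": bool(reasons), "reasons": reasons}


# Constructed sample: an ordinary newsletter from a bulk-mail platform.
BENIGN_MAIL = """\
From: newsletter@example.org
To: analyst@example.com
Subject: Monthly update
List-Unsubscribe: <https://mailer.example.net/unsub/123>
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the report: <a href="https://example.org/reports/may">May report</a></p></body></html>
"""

# Constructed sample: same platform, but the link fetches a file and its text hides the real host.
SUSPICIOUS_MAIL = """\
From: newsletter@example.org
To: analyst@example.com
Subject: Urgent: new documents
List-Unsubscribe: <https://mailer.example.net/unsub/123>
Content-Type: text/html; charset="utf-8"

<html><body><p>Download here: <a href="https://files.example-cdn.test/docs/report.iso">https://example.org/report</a></p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_MAIL), ("suspicious", SUSPICIOUS_MAIL)):
        verdict = triage(sample)
        print(name, "flagged" if verdict["flagged"] else "clean")
        for reason in verdict["reasons"]:
            print("  -", reason)
```

The point of keying on the bulk-mail header is that sender reputation alone would have passed these messages: the account was genuine and the platform was genuine, so the signal has to come from what the link does rather than who sent it.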

Steve Forbes, a government cybersecurity expert at domain name manager Nominet, outlined the dangers of this type of hacking.

“Phishing attacks are essentially a numbers game and the attackers are playing the odds,” he said in a statement shared with CNBC. “If they’re targeting 3,000 accounts, it only takes one employee to click the link to establish a backdoor for hackers in a government organization.”

The SolarWinds attack, discovered in December, turned out to be much worse than expected. It gave hackers access to thousands of companies and government offices using SolarWinds IT software.

Microsoft president Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen.”

Earlier this month, Russia’s spy chief denied being responsible for the SolarWinds cyberattack, but said he was “flattered” by accusations by the United States and the United Kingdom that Russian foreign intelligence was behind such a sophisticated attack.
