Russian Hackers Targeting International Aid Groups

Microsoft says another wave of Russian cyber attacks has targeted government agencies and human rights groups in 24 countries, most in the US. About 3,000 email accounts at more than 150 different organisations had been attacked in the last week. The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber attacks, but analysts say that just illustrates how the Kremlin uses ostensibly private groups to create deniability, a problem likely to continue. 

The Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations. The new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts" targeting about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt said in a blog. While most were in the US, targeted victims spanned at least 24 countries. 

According to Microsoft, Nobelium, a group originating in Russia, launched attacks by gaining access to an email marketing account used by USAID. Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims". Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions. 

Hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software. This included screenshots showing a special alert, highlighting the message, "Donald Trump has published new documents on election fraud." The SVR was blamed by the UK and US for the hack has denied involvement.  

The Biden Administration has taken aim at Russia's hackers calling out the SVR, it's foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred.  Currently Russia’s spy chief has denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated hack.

Microsoft:      Guardian:       BBC:       CNBC:        DefenseOne:      NPR:        Al Jazeera:      Outpost News

You Might Also Read: 

US Sanctions Russia In Retaliation For Cyber Attacks:

 

« Huawei Chooses UAE As Cyber Security Hub
Microsoft’s Defensive Playbook »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Bytes Technology Group

Bytes Technology Group

Bytes is a leading provider of world-class IT solutions. Our growing portfolio of services includes cloud, security, licensing, SAM, storage, virtualisation and managed services.

Grove Group

Grove Group

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.