Russian Hackers Targeting International Aid Groups

Uploaded on 2021-06-07 in TECHNOLOGY--Hackers, NEWS-News Analysis, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Microsoft says another wave of Russian cyber attacks has targeted government agencies and human rights groups in 24 countries, most in the US. About 3,000 email accounts at more than 150 different organisations had been attacked in the last week. The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber attacks, but analysts say that just illustrates how the Kremlin uses ostensibly private groups to create deniability, a problem likely to continue. 

The Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations. The new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts" targeting about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt said in a blog. While most were in the US, targeted victims spanned at least 24 countries. 

According to Microsoft, Nobelium, a group originating in Russia, launched attacks by gaining access to an email marketing account used by USAID. Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims". Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions. 

Hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software. This included screenshots showing a special alert, highlighting the message, "Donald Trump has published new documents on election fraud." The SVR was blamed by the UK and US for the hack has denied involvement.  

The Biden Administration has taken aim at Russia's hackers calling out the SVR, it's foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred.  Currently Russia’s spy chief has denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated hack.

Microsoft:      Guardian:       BBC:       CNBC:        DefenseOne:      NPR:        Al Jazeera:      Outpost News

You Might Also Read: 

US Sanctions Russia In Retaliation For Cyber Attacks:

 

« Huawei Chooses UAE As Cyber Security Hub
Microsoft’s Defensive Playbook »

Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

National Cyber Exchange (NCX)

National Cyber Exchange (NCX)

NCX is a non-profit, member organization dedicated to improving cybersecurity and protecting critical infrastructure.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

National Authority for Electronic Certification and Cyber Security (AKCESK)

National Authority for Electronic Certification and Cyber Security (AKCESK)

AKCESK ensures security for trusted services, in particular reliability and security in electronic transactions between citizens, businesses and public authorities.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

Exeon Analytics

Exeon Analytics

Exeon Analytics is a Swiss cyber security company that is specialized in detecting hidden data breaches and advanced cyber attacks.

Telecommunications & Digital Government Regulatory Authority (TDRA)

Telecommunications & Digital Government Regulatory Authority (TDRA)

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.