Russian Hackers Targeting International Aid Groups

Microsoft says another wave of Russian cyber attacks has targeted government agencies and human rights groups in 24 countries, most in the US. About 3,000 email accounts at more than 150 different organisations had been attacked in the last week. The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber attacks, but analysts say that just illustrates how the Kremlin uses ostensibly private groups to create deniability, a problem likely to continue. 

The Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations. The new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts" targeting about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt said in a blog. While most were in the US, targeted victims spanned at least 24 countries. 

According to Microsoft, Nobelium, a group originating in Russia, launched the attacks by gaining access to an email marketing account used by USAID. The hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file that enabled data theft and the infection of other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims". Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions. 

Hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. In the end, nearly 18,000 customers installed the malicious software. This included screenshots showing a special alert, highlighting the message, "Donald Trump has published new documents on election fraud." The SVR, which was blamed by the UK and US for the hack, has denied involvement.

The Biden Administration has taken aim at Russia's hackers, calling out the SVR, its foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred. Russia’s spy chief has denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated hack.

Sources: Microsoft, Guardian, BBC, CNBC, DefenseOne, NPR, Al Jazeera, Outpost News
