Russian Hackers Targeting International Aid Groups

Microsoft says another wave of Russian cyber attacks has targeted government agencies and human rights groups in 24 countries, most in the US. About 3,000 email accounts at more than 150 different organisations had been attacked in the last week. The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber attacks, but analysts say that just illustrates how the Kremlin uses ostensibly private groups to create deniability, a problem likely to continue. 

The Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations. The new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts" targeting about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt said in a blog. While most were in the US, targeted victims spanned at least 24 countries. 

According to Microsoft, Nobelium, a group originating in Russia, launched the attacks by gaining access to an email marketing account used by USAID. The hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file that enabled them to steal data and infect other computers on the network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims". Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions. 

Hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. In the end, nearly 18,000 customers installed the malicious software. This included screenshots showing a special alert, highlighting the message, "Donald Trump has published new documents on election fraud." The SVR, which was blamed by the UK and US for the hack, has denied involvement.

The Biden Administration has taken aim at Russia's hackers, calling out the SVR, its foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred. Currently Russia’s spy chief has denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated hack.

Sources: Microsoft, Guardian, BBC, CNBC, DefenseOne, NPR, Al Jazeera, Outpost News
