Russian Hackers Targeting International Aid Groups

Uploaded on 2021-06-07 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Microsoft says another wave of Russian cyber attacks has targeted government agencies and human rights groups in 24 countries, most in the US. About 3,000 email accounts at more than 150 different organisations had been attacked in the last week. The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber attacks, but analysts say that just illustrates how the Kremlin uses ostensibly private groups to create deniability, a problem likely to continue. 

The Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations. The new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts" targeting about 3,000 email accounts at more than 150 organisations, at least a quarter of them involved in international development, humanitarian and human rights work, the Microsoft vice-president Tom Burt said in a blog. While most were in the US, targeted victims spanned at least 24 countries. 

According to Microsoft, Nobelium, a group originating in Russia, launched attacks by gaining access to an email marketing account used by USAID. Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims". Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions. 

Hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software. This included screenshots showing a special alert, highlighting the message, "Donald Trump has published new documents on election fraud." The SVR was blamed by the UK and US for the hack has denied involvement.  

The Biden Administration has taken aim at Russia's hackers calling out the SVR, it's foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred.  Currently Russia’s spy chief has denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated hack.

Microsoft:      Guardian:       BBC:       CNBC:        DefenseOne:      NPR:        Al Jazeera:      Outpost News

You Might Also Read: 

US Sanctions Russia In Retaliation For Cyber Attacks:

 

« Huawei Chooses UAE As Cyber Security Hub
Microsoft’s Defensive Playbook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.