Microsoft says group behind Solar Winds hack now targeting government agencies, NGOs

The group behind the SolarWinds cyber-attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft Corp.

Microsoft said in a blog that they have observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations. According to Microsoft, Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. They said that this wave of attacks targeted approximately 3,000 email accounts. And this took place at more than 150 different organizations.

Microsoft said that the targeted victims came from at least 24 countries. The largest share of attacks was received by the organisations of the United States. In the blog they have said that at least a quarter of the targeted organisations were involved in international development, humanitarian issues and human rights work.

Nobelium launched this week’s attacks by breaking into an email marketing account used by the United States Agency for International Development (USAID) and from there launching phishing attacks on many other organisations. The hack of information technology company SolarWinds, was identified in December. And this gave access to thousands of companies and government offices that used its products. The attack has been described as the largest and most sophisticated attack the world has ever seen by the Microsoft President Brad Smith.

Russia’s spy chief denied responsibility for the SolarWinds cyber attack in this month. But he stated that he was flattered by the accusations from the United States and Britain that the Russian foreign intelligence was behind such a sophisticated hack. Microsoft said that this attack appears to be a continuation of multiple efforts to target government agencies involved in foreign policy. This may be a part of intelligence gathering efforts.

The company is in the process of notifying all of its targeted customers. It stated that the company had no reason to believe these attacks involved any exploitation or vulnerability in Microsoft’s products or services.