SolarWinds Hackers Strike Again, Targeting 150-Plus Organizations Mostly in the U.S.

By | Managed Services News

May 28

It’s clear the United States is a prime target for bad actors.

The notorious SolarWinds hackers are back, this time targeting about 3,000 email accounts at more than 150 different organizations.

That’s according to Microsoft. Organizations in the United States are victims of the largest share of attacks, but the malfeasance spans at least 24 countries.

At least a quarter of the organizations targeted by the SolarWinds hackers were involved in international development, humanitarian and human rights work. Nobelium, originating from Russia, is the same group behind the attacks on SolarWinds customers in 2020.

Microsoft says these attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.

Deceptive Emails

Nobelium launched the new attacks by gaining access to the Constant Contact account of the United States Agency for International Development (USAID). Constant Contact is a service used for email marketing.

From there, the actor distributed phishing emails that looked authentic but included a link. When clicked, the link inserted a malicious file used to distribute a backdoor called NativeZone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network.

Tom Burt is Microsoft’s corporate vice president of customer security and trust.

Microsoft’s Tom Burt

“Many of the attacks targeting our customers were blocked automatically, and Windows Defender is blocking the malware involved in this attack,” he said. “We’re also in the process of notifying all of our customers who have been targeted. We detected this attack and identified victims through the ongoing work of the Microsoft Threat Intelligence Center (MSTIC) team in tracking nation-state actors. We have no reason to believe these attacks involve any exploit against or vulnerability in Microsoft’s products or services.”

SolarWinds Hackers’ Playbook

Part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers, Burt said. By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.

This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, he said. The focus of these Nobelium attacks is on human rights and humanitarian organizations.

Lotem Finkelsteen is head of threat intelligence at Check Point Software Technologies.

Check Point’s Lotem Finkelsteen

“These attacks are not opportunistic or near-term, but rather strategic and long-term,” he said. “While one attack is practiced in the wild, another one is cooking, and will be ready to serve as a replacement, if anything gets exposed. If you are a valuable target, the attackers won’t let you go. The only way to protect yourself from such strategic attacks is to enact a strategic defense. The next attack can come in any form.”

Here to Stay

Kelvin Coleman is executive director of the National Cyber Security Alliance (NCSA). He said it’s clear that cyber threats are here to stay, whether you are a business, a government agency or a third-party vendor.

NCSA’s Kelvin Coleman

“It is clear that the U.S. is a prime target for bad actors, and as recent successful attacks have underlined, more needs to be done in order to fortify our cyberattack prevention, detection and response efforts,” he said.

The hackers’ emails looked to be …
