Microsoft: Russian SVR hackers target govt agencies from 24 countries
The Microsoft Threat Intelligence Center has discovered that the Russian-backed hackers behind the SolarWinds supply-chain attack are now coordinating an ongoing phishing campaign targeting government agencies worldwide.
"While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries."
The threat actors behind these attacks, a hacking group tracked as Nobelium by Microsoft and likely backed by the Russian government, sent the phishing emails using USAID's compromised Constant Contact account.
Cybersecurity company Volexity also published a report linking this phishing campaign with Russian Foreign Intelligence Service operators based on tactics previously used in attacks going back to 2018.
More details, including the attackers' motivation, the malicious behavior observed by Microsoft during the attacks, and best practices to defend against this ongoing campaign, can be found in MSTIC's report.
In December, the SolarWinds network management company was breached in a cyberattack that allowed the attackers to launch a supply chain attack targeting the company's customers.