Security News > 2021 > May > Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency
![Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency](/static/build/img/news/alt/cyberthreat-stats-medium.jpg)
Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday.
Burt's post says the attacks saw Nobelium gain access to accounts on the email marketing service "Constant Contact" operated by The United States Agency for International Development.
The attack is global, although most victims were in the US. The attacks targeted around 3,000 email accounts and 150 different organization, at least a quarter of which were in international development, humanitarian, and the human rights sphere.
Microsoft has detailed the attack in a separate post that explains its Threat Intelligence Center has observed the attack since January 2021 and spotted "Significant experimentation" but little impact.
That changed on May 25th when Nobelium started using Constant Contact and unleashed "Several iterations" of a phishing attack.
News of the new Russian action comes in the week that US president Biden announced a planned mid-June meeting with Russian president Vladimir Putin.
News URL
Related news
- US govt warns of pro-Russian hacktivists targeting water facilities (source)
- AI-driven phishing attacks deceive even the most aware users (source)
- Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks (source)
- LockBit leader unmasked: US charges Russian national (source)
- Monday.com removes "Share Update" feature abused for phishing attacks (source)
- Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst (source)
- US retailers under attack by gift card-thieving cyber gang (source)
- Russian indicted for selling access to US corporate networks (source)
- FlyingYeti phishing crew grounded after abominable Ukraine attacks (source)
- Russian hacktivists vow mass attacks against EU elections (source)