Security News > 2021 > May > SolarWinds Hackers Impersonate U.S. Government Agency in New Attacks
The Russia-linked threat group believed to be behind the SolarWinds attack has been observed launching a new campaign this week.
The attacks have targeted the United States and other countries, and involve a legitimate mass mailing service and impersonation of a government agency.
The latest attacks were analyzed by Microsoft, which tracks the threat actor as Nobelium, and by incident response firm Volexity, which has found some links to APT29, a notorious cyberspy group previously linked to Russia.
For this attack, Nobelium managed to compromise the Constant Contact account of the United States Agency for International Development, which is responsible for civilian foreign aid and development assistance.
Constant Contact is an email marketing service, and by compromising the Constant Contact account of USAID the attackers were able to send out legitimate-looking emails containing malicious links.
Microsoft said its security solutions blocked many of the attacks aimed at its customers and the tech giant has started notifying targets.
News URL
Related news
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)