CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service (May 2021)

An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported.
Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.
According to the FBI and CISA, the attackers actually sent spear-phishing emails to over 7,000 accounts at 350 organizations, including government, non-governmental and intergovernmental organizations.
In their joint alert, CISA and the FBI acknowledge the reports linking the USAID-themed attack to APT29, but the agencies say they have yet to attribute the campaign to any threat actor.
In their alert, the two agencies don't mention the link to the SolarWinds attack and they don't name the government agency being impersonated.
CISA and the FBI have shared indicators of compromise that organizations can use to detect attacks.