Feds seize two domains used by SolarWinds intruders for malware spear-phishing op (Security News, June 2021)
Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development.
The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.
"Upon a recipient clicking on a spear-phishing email's hyperlink, the victim computer was directed to download malware from a sub-domain of theyardservice.com," the Justice Department said.
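The mechanism the DOJ describes (a link in the lure that pulls the payload from a sub-domain of the seized domain) is the kind of indicator a mail-security team turns into a check. The following is an added example, not code from The Register, the DOJ or any of the organisations mentioned: it extracts hyperlinks from an email body and matches their hostnames against the one seized domain this page names. The sample message, the `flag_links`/`hostname_matches` helper names and the blocklist contents are assumptions; the second seized domain is not named on this page, so it is deliberately not included.

```python
import re
from typing import List
from urllib.parse import urlparse

# Indicator taken from the DOJ statement quoted above: the payload was served
# from a sub-domain of theyardservice.com. The second seized domain is not
# named on this page, so it is not listed here (assumption: extend as needed).
SEIZED_DOMAINS = {"theyardservice.com"}

# Matches href="..." attributes in HTML bodies and bare http(s) URLs in text.
_URL_RE = re.compile(
    r'href=["\']([^"\']+)["\']|(https?://[^\s"\'<>]+)', re.IGNORECASE
)


def extract_urls(body: str) -> List[str]:
    """Return every hyperlink target found in an HTML or plain-text email body."""
    return [m.group(1) or m.group(2) for m in _URL_RE.finditer(body)]


def hostname_matches(hostname: str, domain: str) -> bool:
    """True if hostname is `domain` itself or any sub-domain of it.

    Suffix matching on a label boundary avoids two common mistakes:
    - plain substring matching, which would flag 'nottheyardservice.com'
    - exact-apex matching, which would miss 'updates.theyardservice.com'
    It also rejects lookalikes such as 'theyardservice.com.example.net'.
    """
    hostname = hostname.lower().rstrip(".")
    domain = domain.lower()
    return hostname == domain or hostname.endswith("." + domain)


def flag_links(body: str, blocklist=SEIZED_DOMAINS) -> List[str]:
    """Return the URLs in `body` whose host is, or is under, a blocklisted domain."""
    hits = []
    for url in extract_urls(body):
        host = urlparse(url).hostname
        if host and any(hostname_matches(host, d) for d in blocklist):
            hits.append(url)
    return hits


# Constructed sample message for demonstration; not a real USAID lure.
SAMPLE_EMAIL = """<html><body>
<p>Please review the attached notice.</p>
<a href="https://updates.theyardservice.com/docs/view">Open document</a>
<a href="https://www.usaid.gov/">USAID home</a>
Mirror: https://theyardservice.com.example.net/docs/view
</body></html>"""

if __name__ == "__main__":
    for url in flag_links(SAMPLE_EMAIL):
        print("blocklisted link:", url)
```

Only the link under the seized domain is reported; the lookalike host whose name merely starts with the seized domain is left alone, which is the behaviour you want before this logic feeds a mail quarantine rule.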
Microsoft attributed the attack to the Russia-aligned Nobelium/CozyBear/APT 29 group that's also blamed for the cyberattack on SolarWinds.
Sergei Naryshkin, director of Russia's SVR spy agency, recently denied Russia's involvement in the SolarWinds supply chain attack and blamed the US and UK. The US, perhaps because President Biden is preparing to meet Russian president Vladimir Putin on June 16, 2021 in Geneva, Switzerland, did not mention Russia or any suspected threat actor in its statement about the domain takedowns.
When Principal Deputy Press Secretary Karine Jean-Pierre was asked on Friday "How the latest reported hack that's attributed to Russia" might impact the upcoming summit, Jean-Pierre also made no mention of Russia and referred questions to USAID or CISA. On Tuesday, after meat processor JBS Foods told US authorities it had been hit with a ransomware attack, likely from Russia, Jean-Pierre said, "The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/02/feds_seize_nobelium/
Related news
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
- Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails