(ETH) – The Russian-based group behind the SolarWinds hack has launched a new campaign that appears to target government agencies, think tanks, and non-governmental organizations, researchers said Thursday.
The prolific hacker group, which Microsoft refers to as Nobelium and is widely believed to be run by Russia’s Foreign Intelligence Service, or SVR, launched the current attacks after getting access to an email marketing service used by the U.S. Agency for International Development, or USAID, according to Microsoft.
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Tom Burt, Microsoft vice president of customer security and trust, wrote in a blog post.
The campaign, which Microsoft called an active incident, targeted 3,000 email accounts across 150 organizations, mostly in the United States, he said. But the targets are in at least 24 countries. At least a quarter of the targeted organizations are said to be involved in missions including international development and human rights work.
The effort involved sending phishing emails. Cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, wrote in a blog post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”
The Russian Ministry of Foreign Affairs didn’t immediately respond to a request for comment. SVR Director Sergei Naryshkin has previously mocked the U.S. and the U.K. governments’ claims that his agency was responsible for the SolarWinds hack. READ MORE