Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Nobelium: Hacking group behind massive SolarWinds attack has struck again, Microsoft says

Russia denies any knowledge of the attacks

Graig Graziosi
Friday 28 May 2021 12:10 EDT
Comments
Cybersecurity USAID Phishing
Cybersecurity USAID Phishing (Copyright 2021 The Associated Press. All rights reserved.)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Russian hacking group suspected of carrying out last year's massive SolarWinds hack has reportedly carried out a second attack.

Microsoft published a blog post on Thursday saying the group, called Nobelium, had targeted more than 150 organisations across the world last week. Its targets included government agencies, think tanks, and nongovernmental organisations.

The software company said the hackers sent phishing emails – which are meant to trick users into clicking on them before offloading malicious software onto a target device – to more than 3,000 email accounts.

A Microsoft spokesman said the organisations targeted primarily deal with international development or humanitarian and human rights work.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Tom Burt, Microsoft's corporate vice president of customer security and trust, said.

The attacks affected organisations in at least 24 countries, though the US received the bulk of the attacks.

Last month, the US government laid blame for the SolarWinds hack on Russia's SVR, the successor agency to the Soviet-era KGB.

The Kremlin has predictably denied any knowledge or involvement in the cyberattacks, and has demanded that Microsoft prove that Russia is somehow connected to the hacks.

Despite denying any involvement, Russia’s spy chief said he was “flattered” that the US and UK were suggesting his operatives were behind the highly sophisticated attacks.

Nobelium reportedly gained access to a US Agency for International Development email marketing list, which is maintained on a platform called Constant Contact.

The hackers used USAID's list to send out its thousands of phishing emails.

A spokesperson for Constant Contact told CNBC that the company was aware of the attack.

“This is an isolated incident, and we have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement,” they said.

Microsoft President Brad Smith described the attacks as “the largest and most sophisticated attack the world has ever seen.”

The breach is the latest hack to make national headlines.

In addition to the SolarWinds attacks last year, a cyberattack from a group called DarkSide sparked gas shortages in the US after it compromised the networks of Colonial Pipeline, which provides fuel to almost half of the East Coast.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in