Microsoft claims Russian hackers compromised U.S. international aid agency


The hackers responsible for the SolarWinds intrusion, who have been linked to Russia’s intelligence services, are now reported to have compromised an email system used by the U.S. State Department’s international aid agency, USAID. The breach of the email system is reported to have compromised the computer networks of human rights organizations and various U.S. government agencies.

Newsweek reports that Microsoft’s disclosure of the breach comes just weeks before President Joe Biden is set to meet Russian President Vladimir Putin in Geneva, Switzerland. In a blog post on Thursday, Microsoft said that it discovered a “wide-scale malicious email campaign” operated by Nobelium, a Russian hacking group responsible for the attack on SolarWinds and its customers last year.

Microsoft stated:

NOBELIUM has historically targeted government organizations, non-government organizations (NGOs), think tanks, military, IT service providers, health technology and research, and telecommunications providers. With this latest attack, NOBELIUM attempted to target approximately 3,000 individual accounts across more than 150 organizations, employing an established pattern of using unique infrastructure and tooling for each target, increasing their ability to remain undetected for a longer period of time.

The company states that it has been monitoring the hacking campaign since January and that the campaign has evolved over a series of waves “demonstrating significant experimentation” on the part of the hackers. The campaign escalated on May 25, when Nobelium leveraged a marketing account used by USAID to launch spear-phishing attacks on numerous organizations to gain access to their data.

The latest attack targeted around 3,000 individual accounts across 150 organizations and originated from authentic USAID email addresses, Microsoft said.

Microsoft has listed the attack as an “active incident” and urged organizations to investigate and monitor communications that match the characteristics of the attack described in the report. The company also prescribed a list of actions to help systems and network administrators deal with the ongoing issue.

The attack from Nobelium comes only weeks after a portion of the United States gas infrastructure was shut down when hackers from a group calling itself DarkSide hit Colonial Pipeline with a ransomware attack.
