Microsoft says group behind SolarWinds hack now targets government agencies and NGOs

May 28 (Reuters) – The group behind the SolarWinds (SWI.N) cyberattack identified late last year is now targeting government agencies, think tanks, consultants and non-governmental organisations, Microsoft Corp (MSFT.O) said Thursday.

“This week, we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants and non-governmental organizations,” Microsoft said in a blog post.

Nobelium, from Russia, is the same actor behind attacks on SolarWinds customers in 2020, according to Microsoft.

The comments come weeks after a May 7 ransomware attack on Colonial Pipeline shut down the largest network of fuel pipelines in the United States for several days, disrupting the country’s supply.

“This wave of attacks targeted approximately 3,000 email accounts in more than 150 different organizations,” Microsoft said Thursday.

While organizations in the United States received the largest share of attacks, targeted victims came from at least 24 countries, Microsoft said.

At least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights, Microsoft said in the blog post.

Nobelium launched the attacks this week by breaking into an email marketing account used by the United States Agency for International Development (USAID) and from there launching phishing attacks against numerous other organizations, Microsoft said.

In statements released Friday, the Department of Homeland Security and USAID both said they were aware of the hack and were investigating.

The hack of information technology company SolarWinds, which was identified in December, gave access to thousands of companies and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest, most sophisticated attack the world has ever seen.”

This month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack, but said he was “flattered” by accusations from the United States and Britain that Russian foreign intelligence services were behind such sophisticated hacking.

The US and Britain blamed Russia’s Foreign Intelligence Service (SVR), the successor to the KGB’s foreign spy operations, for the hack that compromised nine US federal agencies and hundreds of private sector companies.

The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence-gathering efforts, Microsoft said.

The company said it was in the process of notifying all of its targeted customers and that it had “no reason to believe” the attacks involved any exploit or vulnerability in Microsoft’s products or services.

Reporting by Kanishka Singh and Sabahatjahan Contractor in Bengaluru; edited by Robert Birsel

Ashley C. Reynolds