
Microsoft: SolarWinds hackers target 150 orgs with phishing

May 28, 2021, 9:45 AM
FILE - This Aug. 4, 2009, file photo shows the United States Chamber of Commerce building in Washington. The White House says a senior national security official is leading the U.S. response to a massive breach of government departments and private corporations discovered late last year. The announcement that the deputy national security adviser for cyber and emergency technology, Anne Neuberger, has been in charge of the response to the SolarWinds hack follows congressional criticism of the government effort so far as “disorganized.” (AP Photo/Manuel Balce Ceneta, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions but said many of those targeting Microsoft customers were blocked automatically. “We’re also in the process of notifying all of our customers who have been targeted,” Burt said.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate, technical blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

USAID and Constant Contact provided no additional detail on how the hackers gained access. USAID spokeswoman Pooja Jhunjhunwala said Friday that a forensic investigation was ongoing and the agency was working with the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident,” with the impacted accounts temporarily disabled.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem.

As in the SolarWinds campaign, the exploit of the USAID marketing email was first publicized by private sector actors.

___

Associated Press writer Alan Suderman contributed from Richmond.
