
Microsoft: SolarWinds hackers target 150 orgs with phishing

May 28, 2021, 9:45 AM
FILE - This Aug. 4, 2009, file photo shows the United States Chamber of Commerce building in Washington. The White House says a senior national security official is leading the U.S. response to a massive breach of government departments and private corporations discovered late last year. The announcement that the deputy national security adviser for cyber and emergency technology, Anne Neuberger, has been in charge of the response to the SolarWinds hack follows congressional criticism of the government effort so far as “disorganized.” (AP Photo/Manuel Balce Ceneta, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions but said many of those targeting Microsoft customers were blocked automatically. “We’re also in the process of notifying all of our customers who have been targeted,” Burt said.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate, technical blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

USAID and Constant Contact provided no additional detail on how the hackers gained access. USAID spokeswoman Pooja Jhunjhunwala said Friday that a forensic investigation was ongoing and the agency was working with the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident,” with the impacted accounts temporarily disabled.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem.

As in the SolarWinds campaign, the exploit of the USAID marketing email was first publicized by private sector actors.

___

Associated Press writer Alan Suderman contributed from Richmond.
