Russian group behind SolarWinds spy campaign launches new cyber-attacks

Russian hackers behind the SolarWinds spy campaign have launched a new wave of global cyber-attacks by hijacking an e-mail system used by a US government agency.

Microsoft, the US technology company, said the group launched attacks this year targeting 3,000 e-mail accounts in more than 150 government agencies, research centers, consulting firms and NGOs.

Microsoft has been tracking these efforts since January, but the attacks intensified this week after hackers hijacked a mass e-mail system called Constant Contact, used by the United States Agency for International Development (USAID). They used it to launch a malicious e-mail, or phishing, campaign that allowed the hackers to carry out “a wide range of activities, from data theft to infecting other computers on the network” if a recipient clicked on the link in the message.

The scheme, which Microsoft called an “active incident,” focused mainly on the United States but covered at least 24 countries. At least a quarter of those targeted were involved in international development, humanitarian and human rights work.

The company attributed the attacks to the same Russian group that carried out the widespread SolarWinds spy campaign, discovered last year, in which hackers hijacked software made by a Texas-based company to gain access to U.S. Treasury departments as well as other local and federal agencies. The White House said last month that the group was part of Russia’s foreign intelligence service.

US President Biden has faced calls to boost the country’s cyber defenses following recent campaigns: a state-sponsored spy campaign from China that exploited vulnerabilities in Microsoft’s email software, and the attack on a United States oil pipeline company by a criminal group this month.

The Biden administration has imposed sanctions on Russia and this month signed an executive order demanding higher cybersecurity standards for federal agencies and their software providers.

Microsoft said that “many of the targets targeted to customers” were blocked because automated systems marked emails as spam and prevented malicious software from accessing them.

It is not clear whether any organization was breached despite these security measures. Microsoft declined to comment.

Tom Burt, vice president of corporate security and trust at Microsoft, said the latest attacks “seem to be [the hackers] target state agencies involved in foreign policy as part of their intelligence gathering efforts.”

“When combined with an attack on SolarWinds, it is clear that this passage [the hackers’] schedule is to gain access to trusted technology providers, to infect their customers,” he added.

Constant Contact said it was “aware that one of our client’s account credentials have been compromised and are being used by a malicious player to access a client’s Constant Contact accounts.”

“This is an isolated incident. We have temporarily shut down affected accounts while we work with our law enforcement client,” it added.

© Financial Times:
