Published: 28/05/2021

Russian hackers of SolarWinds back on the attack

Washington (AFP) -

The state-backed Russian group behind a massive hacking campaign revealed last year has re-emerged with a series of attacks on government agencies, think tanks, consultants and other organizations, according to officials and researchers.

A security update from Microsoft late Thursday said the group known as Nobelium has stepped up attacks, notably targeting government agencies involved in foreign policy as part of intelligence gathering efforts.

The US government's Cybersecurity and Infrastructure Security Agency posted a link to the Microsoft update and urged computer network administrators to 'apply the necessary mitigations.'

Microsoft said it detected a 'sophisticated' and large-scale campaign of phishing emails that delivered malicious software, enabling the hackers to get protected data from victims.

'This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,' Microsoft vice president Tom Burt said in a blog post.

The news comes a month after Washington imposed sanctions and expelled Russian diplomats in response to Moscow's involvement in the massive attacks last year on SolarWinds, a security software firm, as well as for election interference and other hostile activity.

'When coupled with the attack on SolarWinds, it's clear that part of Nobelium's playbook is to gain access to trusted technology providers and infect their customers,' wrote Burt.

'By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.'

The new attacks enabled the hackers to gain access to email servers operated by the firm Constant Contact so that they could spoof the US Agency for International Development and send out mass emails with disinformation, according to the update.

In one example, emails appearing to be from USAID showed a 'special alert' stating that 'Donald Trump has published new documents on election fraud.'

Users who clicked on the link were directed to a site delivering malicious software and enabling the hackers to exfiltrate data, according to Microsoft.

- Attack is ongoing -

'This attack is still active, so these indicators should not be considered exhaustive for this observed activity,' Microsoft said in its update.

The security firm Volexity, which also published research on the hacking, said it appears 'the attacker is likely having some success in breaching targets.'

The security firm said in a blog post: 'While Volexity cannot say with certainty who is behind these attacks, it does believe it has the earmarks of a known threat actor it has dealt with on several previous occasions,' citing a Russian-based hacker group.

John Dickson of the security firm Denim Group said the latest attacks suggest the sanctions imposed by Washington are insufficient.

'I think the sanctions were a starting point and we need to ratchet them up,' Dickson told AFP.

Dickson said the various hacking operations from Russia 'are all different iterations of the same information operations' with Kremlin approval and that 'they're doing it without fear of retribution.'

SolarWinds last year disclosed that as many as 18,000 customers and more than 100 US companies were affected by the hack. Its roster of clients includes government agencies and companies among the top 500 in the United States.

Hackers used Orion to gain entry into networks, allowing them to swipe data and install malicious code that served as 'backdoors' that could be used to sneak into systems as desired.

Washington has accused Russia of orchestrating the online assault, explicitly citing its Foreign Intelligence Service (SVR).

The hacking revelation comes as US President Joe Biden and Russian leader Vladimir Putin prepare for their first summit next month in Geneva.

The June 16 meeting will include discussions on 'the full range of pressing issues, as we seek to restore predictability and stability to the US-Russia relationship,' White House Press Secretary Jen Psaki said earlier this week.
