Russian hackers target aid groups in new cyber-attack, says Microsoft

Published
image copyrightReuters
image captionMicrosoft said about 3,000 email accounts were targeted

Microsoft says another wave of Russian cyber-attacks has targeted government agencies and human rights groups in 24 countries, most in the US.

It said about 3,000 email accounts at more than 150 different organisations had been attacked this week.

The group responsible was the same one that carried out last year's SolarWinds attacks, which Russia's Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.

Russia has denied both cyber-attacks.

The Kremlin on Friday said it had no knowledge of the latest hacks, and called on the US tech giant to answer further questions, including how it was linked to Russia.

How were the new cyber-attacks mounted?

In a blog post published late on Thursday, Microsoft said the new attacks targeted government agencies involved in foreign policy as part of "intelligence gathering efforts".

It said at least a quarter of the organisations targeted were involved in international development, humanitarian and human rights work.

While most were in the US, targeted victims spanned at least 24 countries.

According to Microsoft, Nobelium, a group originating in Russia, launched this week's attacks by gaining access to an email marketing account used by the US federal government's aid agency, USAID.

Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.

A spokesperson for the US Cybersecurity and Infrastructure Security Agency (Cisa) told CBS News authorities were aware of the attack and were trying "to better understand the extent of the compromise and assist potential victims".

Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions.

Last year, hackers used US company SolarWinds' Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software.

The SVR was blamed by the UK and US for the hack. It has denied involvement.

Can this be stopped?

It was only last month that Washington took aim at Russia's hackers - calling out the SVR, it's foreign intelligence agency, for SolarWinds and issuing sanctions for its activity. And yet Moscow shows no sign of being deterred.

The head of the SVR told the BBC it had nothing to do with that last campaign, even suggesting America could have hacked itself. And now Microsoft has discovered a new campaign by the same group.

It may not be as sophisticated or stealthy as the last but it's very brazenness will be what concerns Washington.

It will further raise the question - with a summit between US President Joe Biden and his Russian counterpart Vladimir Putin in a few weeks - about whether anything can be done to contain this threat.

media captionRussia's spy chief Sergei Naryshkin speaks to the BBC in a rare interview about the SolarWinds Cyber attack

More on this story