Microsoft warns of cyber attacks. (Photo: The Art Of Pics / Shutterstock)
The email accounts of around 150 government agencies, think tanks, consulting firms and NGOs have been affected by a phishing attack. Microsoft announced this in a blog post. Behind it is Nobelium, the same group as behind the solar winds hack in autumn.
The organizations concerned are spread over 24 countries, most of them are based in the USA. At least a quarter of the organizations are active in the field of humanitarian development aid.
Phishing emails from the authorities account
The attackers would initially have access to Established contacts for the US Agency for International Development Cooperation. To do this, they had hijacked the authority’s account at the online marketing company Constant Contact and sent phishing emails from there.
One in these The link sent by mail referred to a file with a back door that the hackers could use to steal data as well as infect other computers.
Many of the mails were automatically blocked. In addition, the potentially affected devices are protected from the malware by Windows Defender. Therefore there is currently no evidence of actual damage.
Microsoft calls for “rules for cyberspace”
Although the hackers were unsuccessful in this case, Microsoft considers the attack to be relevant in light of the Solarwinds hack. Because in the meantime Nobelium’s strategy of gaining access to technology providers and infecting their customers is becoming clear. This increases the risk of collateral damage and a loss of confidence in technical infrastructure.
In addition, Microsoft draws a parallel between the activities of Nobelium and the political interests of Russia . State-controlled hacker attacks cannot be ignored. Microsoft calls for clear rules for nation states in cyberspace and the consequences of violating these rules.
In April, the US government had the Russian foreign intelligence service SWR for the Solar winds hack blamed. The Kremlin rejected the allegations.
