The Russian hackers behind last year’s massive SolarWinds data breach are back in action — and have targeted more than 150 organizations this week, according to Microsoft.
The group, known as Nobelium, has targeted government agencies, think tanks, consultants and non-governmental organizations, Microsoft said. The majority of the victims are located in the US, but organizations in 24 countries have been targeted, according to the company.
Emails appeared to originate from USAID while having an authentic sender email address that matches the standard Constant Contact service.Microsoft
This week’s attack reportedly escalated after the hackers gained access to an online email marketing account used by the United States Agency for International Development, the foreign aid and development assistance arm of the federal government.
The hackers then used the mass-emailing marketing service Constant Contact on Tuesday to imitate the agency and “distribute malicious URLs to a wide variety of organizations and industry verticals,” Microsoft said in a Thursday blog post, adding