By Michael Hernandez
WASHINGTON (AA) – A Russian hacker group known as Nobelium has launched another sweeping cyber attack, this time using the US Agency for International Development's (USAID) email system, Microsoft has said.
The attack, which is suspected of targeting 3,000 email accounts at over 150 different organizations, was carried out by the same hacking group behind the SolarWinds hack, Microsoft said in a blog post on Thursday.
The SolarWinds cyber attack, which used software updates to compromise thousands of computer systems, led to the US expelling 10 Russian diplomats from the country, and imposing sweeping sanctions on 32 Russians.
Nobelium's most recent attack used USAID's email system to launch a phishing attempt that targeted 3,000 email accounts at over 150 organizations in at least 24 countries. Human rights-focused think tanks, consultant groups and non-governmental organizations were among the targets.
The phishing emails appeared authentic, but had a link that downloaded a malicious file when it was clicked. It installed a backdoor to the computer system Microsoft calls "NativeZone" that "could enable a wide range of activities from stealing data to infecting other computers on a network."
Part of the reason behind the attack is to "gain access to trusted technology providers and infect their customers"
"By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem," Microsoft said.
"This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, with the focus of these attacks by Nobelium on human rights and humanitarian organizations," it added.
Microsoft appealed for the international community to establish "clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules."