SolarWinds hackers return and have acquired new targets


Microsoft announced that the group behind the infamous SolarWinds hack identified last year is now targeting think tanks, NGOs, government agencies, and consultants. In a blog post, the software giant said that it observed cyber attacks by the threat actor Nobelium, aimed at the aforementioned targets.

Nobelium has its roots in Russia and is the same group that was behind the highly invasive SolarWinds attack of 2020.

These comments by Microsoft come weeks after a ransomware attack on May 7 crippled Colonial Pipeline and forced the United States’ largest fuel pipeline network to shut down for several days.

The attacks

Microsoft announced that the attacks it observed were aimed at about 3,000 email accounts and hit more than 150 different organizations. Many of the targeted organizations are in the United States, but organizations in 24 other countries were also targeted.

At least 1 out of 4 companies targeted is involved in international development, human rights, or humanitarian work, according to the blog post.

Nobelium launched the attacks this week by breaching an email marketing account used by the United States Agency for International Development (USAID) and then launched phishing attacks on other affiliated organizations.

The SolarWinds attack

The attack was identified in December last year, and Microsoft’s President, Brad Smith, called it one of the “largest and most sophisticated” attacks the world has ever seen. This month, Russia’s spymaster denied responsibility for the attack but said he was ‘flattered’ by the accusations from the US and Britain that his agency was behind the sophisticated attack.

The US and Britain both blame Russia for the attack, pointing to Russia’s Foreign Intelligence Service (SVR), the successor to the KGB. Microsoft is notifying all of its targeted customers and confirmed that none of the exploitation or vulnerabilities involved has anything to do with its products.