SolarWinds hackers launch phishing attack

The threat actors behind the SolarWinds attacks have launched a wide-scale email phishing campaign, according to Microsoft. In some cases, the attackers disguised their phishing emails to look as though they came from the U.S. Agency for International Development.

The group, which Microsoft calls Nobelium, historically targets government organizations, think tanks, military, IT service providers, health technology and research institutions and telecommunications companies, according to Microsoft's blog post. The company's threat intelligence team has been tracking the group's email campaign since early this year.

On May 25, Nobelium leveraged Constant Contact, a legitimate mass-mailing service, to "distribute malicious URLs to a wide variety of organizations and industry verticals," Microsoft wrote.

Nobelium allegedly targeted around 3,000 accounts of individuals at 150 different organizations. Most, but not all, of those emails were likely blocked and marked as spam. Microsoft also wrote that the notable changes in Nobelium's tactics likely reflect the group's desire and ability to evolve its tradecraft since its campaign against SolarWinds was discovered in 2020.

The Cybersecurity and Infrastructure Security Agency published a short alert May 28 notifying public and private companies of Microsoft's discovery.

"May this serve as a reminder that espionage is unlikely to be deterred," John Hultquist, an executive at FireEye, tweeted on Friday of the campaign. "A loud operation following on the heels of SolarWinds is not an act of contrition."

This article was first posted to FCW, a sibling site to GCN.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.

