The cyberespionage group behind the SolarWinds cyberattack is reportedly attacking government organisations, think tanks, consultants, and non-governmental organisations, said Microsoft Corporation on Thursday, 27 May.
The hacking group, dubbed as 'Nobelium', has originated from Russia, and is the same actor behind the sophisticated attacks on SolarWinds customers in 2020, according to Microsoft.
In a blog, the tech giant said that “This week, we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organisations.”
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organisations,” Microsoft said.
The news of the attack comes only three weeks before US President Joe Biden is scheduled to meet Russia’s President Vladimir Putin in Geneva, and at a moment of increased tension between the two nations because of the increasingly sophisticated cyberattacks emanating from Russia.
What Was the SolarWinds Hack?
On 8 December 2020, FireEye, a firm that helps with security management of several big private companies and federal government agencies said that a state-sponsored attack (without naming Russia) primarily sought information related to certain government customers by targeting a third-party vendor, which supplies software to government and tech companies.
The target was an IT management software called Orion, supplied by the Texas-based company SolarWinds.
Orion is a dominant software and has been used by 33,000 companies. SolarWinds said that 18,000 of its clients were impacted.
According to a report by Reuters, emails sent by Department of Homeland Security officials were also “monitored by the hackers”.
Microsoft president Brad Smith confirmed the SolarWinds attack as well and notified more than 40 customers that the attackers targeted more precisely and compromised.
What Happened Now?
Nobelium, the hacking group responsible for SolarWinds attack broke into an email marketing account used by the United States Agency for International Development (USAID) this week and launched several phishing attacks on many other organisations, Microsoft said.
Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen.”
However, Russia’s spy chief denied any responsibility for the SolarWinds cyberattack but mocked that it was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.
The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, Microsoft said.
Tensions Escalate Between US and Russia
The White House has placed a range of new restrictions on Russian individuals and assets, including restrictions on purchasing Russia’s sovereign debt, this will make it more difficult for Russia to raise money and support its currency.
US Treasury Secretary Janet L Yellen said, “This is the start of a new US campaign against Russian malign behaviour,” at the time.
Biden said two weeks ago that “we have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)