A group of Russian hackers targeted the U.S. and at least 23 other countries in a wave of cyberattacks this week, affecting around 3000 email accounts and 150 different organizations, according to a statement from Microsoft.
Nobelium, the actor behind this wave of attacks, originates from Russia and was also responsible for a cyberattack on SolarWinds customers last year, Microsoft stated Thursday.
These attacks are a part of “intelligence gathering efforts” by Nobelium, which continues targeting government agencies involved in foreign policy, Microsoft added.
Russia has denied involvement in both the 2020 and the current wave of cyberattacks, according to the BBC.
The Kremlin stated that it has no knowledge of the most recent attacks, and it called on Microsoft to answer further questions on how they were linked to Russia, the BBC reported.
Nobelium launched the attacks by gaining access to an email marketing service used by the United States Agency for International Development (USAID), which Nobelium used to send authentic-looking phishing emails, according to Microsoft.
These emails contained a malicious file called NativeZone that “could enable a wide range of activities from stealing data to infecting other computers on a network,” Microsoft added.
“We are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims,” a spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News.
Many attacks were blocked automatically, and the company is in the process of notifying all the targeted customers, Microsoft stated.
The situation is described as “an active incident” in a blog post from the Microsoft Threat Intelligence Center (MSTIC).
While this most recent wave of attacks escalated on May 25, the activity was first observed in January 2021 and has been tracked since, MSTIC added.