
Russian Hackers Target US Organizations In New Cyberattack, Microsoft Says


Luka Bulatovic Contributor

A group of Russian hackers targeted the U.S. and at least 23 other countries in a wave of cyberattacks this week, affecting around 3000 email accounts and 150 different organizations, according to a statement from Microsoft.

The actor behind this wave of attacks, Nobelium, originating from Russia, was also responsible for a cyberattack on SolarWinds customers last year, Microsoft stated Thursday.

These attacks are a part of “intelligence gathering efforts” by Nobelium, which continues targeting government agencies involved in foreign policy, Microsoft added.

HAMBURG, GERMANY - DECEMBER 28: Participants hold their laptops in front of an illuminated wall at the annual Chaos Computer Club (CCC) computer hackers' congress, called 29C3, on December 28, 2012 in Hamburg, Germany. The 29th Chaos Communication Congress (29C3) attracts hundreds of participants worldwide annually to engage in workshops and lectures discussing the role of technology in society and its future. (Photo by Patrick Lux/Getty Images)


Russia has denied involvement in both the 2020 and the current wave of cyberattacks, according to the BBC.

The Kremlin stated that it has no knowledge of the most recent attacks, and it called on Microsoft to answer further questions on how they were linked to Russia, the BBC reported.

Nobelium launched the attacks by gaining access to an email marketing service used by the United States Agency for International Development (USAID), which Nobelium used to send authentic-looking phishing emails, according to Microsoft.

These emails contained a malicious file called NativeZone that “could enable a wide range of activities from stealing data to infecting other computers on a network,” Microsoft added.

“We are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims,” a spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News.

Many attacks were blocked automatically, and the company is in the process of notifying all the targeted customers, Microsoft stated.

The situation is described as “an active incident” in a blog post by the Microsoft Threat Intelligence Center (MSTIC).

While this most recent wave of attacks escalated on May 25, the campaign was initially observed in January 2021 and has been tracked since, MSTIC added.