WhitehatGuru
Date: 28th May 2021
Severity: High
In an incident that has left the Washington baffled, Microsoft Vice President Tom Burt announced that about 3000 email accounts across 24 countries at over 150 organizations were targeted in the wave of attacks, including phishing lure in USAID email by hackers using the name of Donald Trump.
This attack took place just a weeks before President Joe Biden meeting up Russian President Vladimir Putin, when the United States was targeted by hackers with suspected ties to Russia. Nobelium has been identified as Threat Actor by Microsoft as the group that carried out the cyberattacks, wherein the same group behind the SolarWinds attack last year.
Tom Burt, Microsoft’s corporate vice president of customer security & trust, said, “These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”
A potential compromise had taken place at USAID through an email marketing platform and the victims of this attack are working closely with the FBI and USAID to comprehend the extent of the compromise and assist future victims.
As per the reports, the people who clicked on the link, they were sent to a legitimate service by Constant Contact, a marketing company. Furthermore, they were then redirected to a file that was part of the Nobelium-controlled infrastructure. This means those who clicked on the DLL file would download a backdoor that gave Nobelium access to the user’s system.