ALL NEWS

Microsoft: SolarWinds hackers target 150 orgs with phishing

May 28, 2021, 9:45 AM

SolarWinds response leader...

FILE - This Aug. 4, 2009, file photo shows the United States Chamber of Commerce building in Washington. The White House says a senior national security official is leading the U.S. response to a massive breach of government departments and private corporations discovered late last year. The announcement that the deputy national security adviser for cyber and emergency technology, Anne Neuberger, has been in charge of the response to the SolarWinds hack follows congressional criticism of the government effort so far as “disorganized.” (AP Photo/Manuel Balce Ceneta, File)

(AP Photo/Manuel Balce Ceneta, File)

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions but said many of those targeting Microsoft customers were blocked automatically. “We’re also in the process of notifying all of our customers who have been targeted,” Burt said.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate, technical blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.

USAID and Constant Contact provided no additional detail on how the hackers gained access. USAID spokeswoman Pooja Jhunjhunwala said Friday that a forensic investigation was ongoing and the agency was working with the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident,” with the impacted accounts temporarily disabled.

While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.

Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.

With both methods, the company said, the hackers undermine trust in the technology ecosystem.

As in the SolarWinds campaign, the exploit of the USAID marketing email was first publicized by private sector actors.

___

Associated Press writer Alan Suderman contributed from Richmond.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

Today’s Top Stories

All News

The OLRGC released an analysis of the expected topics to be discussed during a special session of t...

Simone Seikaly

Extending state flooding emergency, firearm restrictions, among topics for Utah special session

The OLRGC released an analysis of the expected topics to be discussed during a special session of the legislature.

11 months ago

A video recorded by Facebook user Larry Jacquez shows the police response following the shooting in...

Jamiel Lynch, CNN     

At least 3 people killed and 2 officers wounded in a shooting in Farmington, New Mexico, police say

Multiple people were shot and at least three killed in a shooting in Farmington, New Mexico, police said in a Facebook post.

11 months ago

A new release from Intermountain Healthcare shows that younger adults are becoming more susceptible...

Waverly Golden

Younger adults are becoming more susceptible to strokes

A new release from Intermountain Healthcare shows that younger adults are becoming more susceptible to stroke.

11 months ago

If you plan to camp over Memorial Day Weekend, you may want to begin the planning process now....

Allessandra Harris

Camping over Memorial Day Weekend? Plan ahead

If you plan to camp over Memorial Day Weekend, you may want to begin the planning process now.

11 months ago

slcpd on the scene of the deaths...

Josh Ellis

Police: Teen killed by father in murder-suicide in SLC office building

Police responded to the office complex near 3000 S. Highland Drive on Saturday after emergency responders received a call from a community member who reported finding a body.

11 months ago

Melissa Coleman crouches next to her husband, , Brad Coleman, of North Ogden, who sits in a wheelch...

Jenny Carpenter, KSL.com

Young stroke victim survives with quick, lifesaving treatment in northern Utah

After a 36-year-old man had a stroke, he and his wife say to be aware of the signs of stroke and that young people are also at risk.

11 months ago

Sponsored Articles

close up of rose marvel saliva blooms in purple...

Shannon Cavalero

Drought Tolerant Perennials for Utah

The best drought tolerant plants for Utah can handle high elevations, alkaline soils, excessive exposure to wind, and use of secondary water.

Group of cheerful team members high fiving each other...

Visit Bear Lake

How To Plan a Business Retreat in Bear Lake This Spring

Are you wondering how to plan a business retreat this spring? Read our sample itinerary to plan a team getaway to Bear Lake.

Cheerful young woman writing an assignment while sitting at desk between two classmates during clas...

BYU EMBA at the Marriott School of Business

Hear it Firsthand: 6 Students Share Their Executive MBA Experience at BYU’s Marriott School of Business

The Executive MBA program at BYU offers great opportunities. Hear experiences straight from students enrolled in the program.

Skier being towed by a rider on a horse. Skijoring....

Bear Lake Convention and Visitors Bureau

Looking for a New Winter Activity? Try Skijoring in Bear Lake

Skijoring is when someone on skis is pulled by a horse, dog, animal, or motor vehicle. The driver leads the skiers through an obstacle course over jumps, hoops, and gates.

Banner with Cervical Cancer Awareness Realistic Ribbon...

Intermountain Health

Five Common Causes of Cervical Cancer – and What You Can Do to Lower Your Risk

January is National Cervical Cancer Awareness month and cancer experts at Intermountain Health are working to educate women about cervical cancer.

Kid holding a cisco fish at winterfest...

Bear Lake Convention and Visitors Bureau

Get Ready for Fun at the 2023 Bear Lake Monster Winterfest

The Bear Lake Monster Winterfest is an annual weekend event jam-packed full of fun activities the whole family can enjoy.

Microsoft: SolarWinds hackers target 150 orgs with phishing