The company said that at least a quarter of the targeted organizations were those who work in international development and human rights or humanitarian work
Tech giant Microsoft today warned of a cyberattack possibly orchestrated by cybercriminals from Russia. The company said that the threat actor’s name was Nobelium and that it is targeting government agencies, think tanks, consultants and non-governmental organizations (NGOs). “This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” the company said in a blog post.
Further, the company said that at least a quarter of the targeted organizations were those who work in international development and human rights or humanitarian work. “Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020,” the company said.
The SolarWinds attack began in 2020 and continued through almost the entire year. It was discovered in December 2020 by security firm FireEye. The hackers snuck malicious code into software called Orion, using it to compromise many organizations, including nine US government agencies. The Nobelium attack attempts the same thing, using “trusted technology providers” to infect their customers.
“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. Constant Contact is a service used for email marketing. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone,” Microsoft explained in its post. The company said this could help the hackers “enable a wide range of activities,” including stealing data, infecting other computers on a network and more.
However, the company also noted that Windows Defender, the anti-malware program that’s pre-installed on Windows, was able to stop attacks on its customers. It said it was in the process of notifying its customers, but this may come as good news for users, since Windows Defender is pre-installed on all machines running official Windows.