Hackers with suspected ties to the Russian government launched new assaults on human rights groups and government agencies, including email accounts used by the State Department's international aid agency, Microsoft revealed late Thursday.
Microsoft Vice President Tom Burt disclosed the breach in a blog post, saying the "wave of attacks" targeted about 3,000 email accounts – across 24 countries – at more than 150 organizations involved in international development and humanitarian work.
The U.S. received the largest share of attacks, Burt said.
The discovery of the cyberattack comes just a few weeks before President Joe Biden is due to meet with Russia's President Vladimir Putin at a summit in Geneva and adds to the growing list of complaints Biden is likely to bring up with Putin in Switzerland.
"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," Burt, who is Microsoft's vice president of customer security and trust, wrote in the post.
Microsoft said Nobelium is the same group responsible for the SolarWinds hack, a sweeping cyberattack that compromised at least half a dozen U.S. federal agencies including the Department of Homeland Security and Energy Department, as well as thousands of companies in the private sector. U.S. intelligence agencies believe the SolarWinds hack is the work of SVR, Russia's Foreign Intelligence Service.
Biden last month expelled Russian diplomats and announced new sanctions on Russia in retaliation for the massive SolarWinds hacking operation, which began in early 2020 but was only discovered in December that same year. GCHQ, Britain's National Cyber Security Centre, also believes the Kremlin was likely behind the SolarWinds breach.
Russia denies any involvement in the SolarWinds hack, but SVR director Sergei Naryshkin said in mid-May that he was "flattered" by the accusations from Washington and London. Russia has not commented on the new Nobelium hacking allegations.
Microsoft did not disclose whether the new breach by Nobelium was ultimately successful. However, it said the cyberattack operation involved sending phishing emails that were made to resemble legitimate ones but were engineered to deliver harmful files.
The assault appeared largely aimed at U.S. and international humanitarian think tanks, consultancies and agencies who have been critical of Russia's crackdown on democracy activists such as Alexey Navalny, who was jailed in Russia in February for breaking parole conditions despite being in Germany where he was receiving treatment for poisoning with a Russian-made military grade nerve agent called Novichok.
In one example of the attempted phishing breach highlighted by Microsoft, an email that appears to originate from a USAID email account claims that "Donald Trump has published new emails on election fraud." If the recipient of that email were to click on the link supplied it would place malicious files on the user's computer, Microsoft said.
The technology giant said Nobelium was able to launch the new assault after gaining access to an email marketing service used by USAID, or the United States Agency for International Development. USAID is the main American government agency responsible for delivering foreign civilian aid and development assistance. It is an independent agency, but formally administered by the State Department.
USAID could not immediately be reached for comment or for more detail about the breach. The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, also could not immediately be reached for comment.
The White House has not commented.
Terry Thompson, an expert in cybersecurity at Johns Hopkins University, described the suspected state-sponsored SolarWinds hack as "one of the most devastating cyberattacks in history." But the U.S. has also been contending with what appear to be increasingly bold assaults from private Russia-based cyberattack gangs.
The FBI believes, for example, that the main culprit of a ransomware attack called DarkSide that in early May shut down Colonial Pipeline, the U.S.'s largest fuel pipeline, is a Russian cybercriminal network that operates by the same name.
The scheduled June 16 face-to-face encounter between Biden and Putin in Switzerland will take place against the backdrop of a long tense relationship between Washington and Moscow that is off to a rocky start under the Biden administration.
White House press secretary Jen Psaki said no formal preconditions or talking points have been set for the meeting. However, in addition to allegations over the Kremlin's tacit or explicit endorsement of hacking attacks, the agenda will almost certainly extend to Russia's territorial aggressions in neighboring Ukraine, a forced diversion this week of a Lithuania-bound commercial flight by Russian-ally Belarus so that the latter could arrest a dissident-journalist, and Navalny's ongoing detention.
The summit is likely also to touch on Russia's work on a gas pipeline called Nord Stream 2 that the U.S. has determined is a threat to European energy security, efforts by both nations to stem the coronavirus pandemic, and assessments by U.S. intelligence agencies that Russia is the main suspect in connection with a group of U.S. diplomats and government employees suffering from "Havana Syndrome," a mysterious neurological condition whose symptoms include headaches, tinnitus and balance issues.
The syndrome, potentially the result of directed microwave energy, was first discovered at the U.S. embassy in Cuba. Russia adamantly denies any involvement.