Russian hackers resume US cyber offensive, Microsoft says

29 May, 2021
The Russian hackers behind the SolarWinds campaign escalated their attacks on US federal government agencies, think tanks and non-governmental organisations as part of intelligence-gathering efforts for their government, Microsoft said.

In a blog post late on Thursday, Microsoft vice president Tom Burt said this week's attack, which is ongoing, gained access to about 3,000 email accounts at more than 150 organisations by infiltrating an electronic marketing service used by the US Agency for International Development (USAID), called Constant Contact.

The hackers distributed phishing emails, including “special alerts” declaring that former US president Donald Trump had published new records on election fraud, and inviting the recipient to view them.

Once a recipient clicked, a malicious file was first inserted that the hackers could use to distribute a backdoor, giving them the ability to steal data and infect other computers on the network.

While US organisations bore the brunt of the attacks, victims in at least 24 different countries were affected, Mr Burt wrote.

The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security posted news of the breach to its website and encouraged users to examine Microsoft’s reporting and “apply the required mitigations”.

Massachusetts-based Constant Contact has made very little public comment.

Mr Burt said it was clear that part of the hackers’ playbook was gaining access to trusted companies to infect their customers.

Likewise, in the SolarWinds campaign discovered in December 2020, hackers installed malicious code in updates for software owned by Texas firm SolarWinds Corp, which was sent to thousands of its customers, including nine federal agencies and at least 100 companies.

Accessing software updates and mass email providers gives the hackers an increased likelihood of “collateral damage in espionage operations and undermines trust in the technology ecosystem”, Mr Burt said.

The US government said last month that the SolarWinds hack was the work of the SVR, the Russian foreign intelligence service, and said it also went by the names APT29, which according to British intelligence spent much of the past year hacking foreign governments for vaccine research, and Cozy Bear, which was involved in the 2016 hack of the Democratic National Committee.

In April, US President Joe Biden gave an order for sanctions to be imposed against 32 Russian individuals and entities, including six companies that provide support to the Kremlin’s hacking operations.

The US also moved to expel 10 Russian diplomats working in Washington, including some intelligence officers. Mr Biden and Russian President Vladimir Putin are set to meet in Geneva on June 16.

Russia regards the allegations as baseless and does not believe they will affect the talks, Kremlin spokesman Dmitry Peskov said on Friday.
Source: www.thenationalnews.com