Russian hack targeted USAID, human rights groups, Microsoft says

Tech giant’s corporate vice president says a quarter of those targeted were involved in development, human rights and humanitarian work.

The state-backed Russian cyber-spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on US and foreign government agencies and think tanks, according to Microsoft [File: J David Ake/The Associated Press]

Russian hackers behind the SolarWinds cyberattack, a huge campaign that saw the widespread hacking of several United States federal agencies, have launched a new round of attacks targeting “government agencies, think tanks, consultants, and non-governmental organizations”, according to Microsoft.

This week’s wave of attacks by the Nobelium group targeted about 3,000 email accounts of more than 150 organisations spanning 24 countries, with the largest share of the attack targeting the US, Tom Burt, the tech giant’s corporate vice president, wrote in a blog post on Thursday.

Notably, the Russian group was able to gain access to an email marketing account used by the State Department’s international aid agency, USAID, from which it targeted other organisations.

The New York Times reported that the breach appears to target the type of groups that have revealed Russian attacks on dissidents or have been vocal about the alleged state poisoning of prominent Russian opposition figure Alexey Navalny.

“At least a quarter of the targeted organisations were involved in international development, humanitarian, and human rights work,” Burt wrote.

“This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, with the focus of these attacks by Nobelium on human rights and humanitarian organizations.”

The US government has explicitly linked the SolarWinds attack to Russia’s intelligence service, the SVR, and imposed sanctions on 32 Russian entities and expelled diplomats in April. The agency was also allegedly involved in the 2016 hacking of the Democratic National Convention.

After going undetected for months, the SolarWinds breach was identified by the private security company FireEye in December, underscoring the increased sophistication of the operation, which was named after a US-based company that develops system management software for use in businesses and organisations.

Breaches at the Treasury Department, National Telecommunications and Information Administration and Department of Commerce, among other agencies, sent shock waves through the US intelligence community.

Microsoft President Brad Smith previously described the SolarWinds hack as “the largest and most sophisticated attack the world has ever seen”.

Russia’s spy chief has denied responsibility for the breach, but said he was “flattered” by the accusations from the US and the UK that Russian foreign intelligence was behind such a sophisticated cyber-operation.

Source: Al Jazeera