US hackers behind SolarWinds hack launch new attacks (Microsoft) - France 24

New York (AFP)

Russian cybercriminals behind a massive computer attack in the United States revealed in late 2020 have launched a new round of offensives against US government agencies, and more than 150 organizations, Microsoft said.

In a blog post published Thursday evening, cybersecurity researchers at Microsoft assured that a group, known as Nobelium, had stepped up efforts to target federal agencies linked to prominent US foreign policy. to steal sensitive information.

To carry out these attacks, which Microsoft describes as "sophisticated" and "large-scale", hackers resort to "phishing", a method of sending emails that appear genuine but contain malicious software that allows them to access victim data.

More than 3,000 email accounts have been targeted, said Tom Burt, vice president at Microsoft.

The announcement of the attacks comes a month after Washington imposed financial sanctions on Moscow and expelled Russian diplomats in response to the massive hack of computer management software publisher SolarWinds last year.

Washington accuses Russia of orchestrating this cyberattack, which affected up to 18,000 SolarWinds customers and more than 100 American companies, while Moscow denies any involvement.

The first summit between US President Joe Biden and his Russian counterpart Vladimir Putin will be held on June 16 in Geneva, Switzerland.

The similarities between the latest cyberattack and the offensive against SolarWinds make it clear that "Nobelium's strategy is to access reputable technology providers and infect their customers," says Burt.

"By taking advantage of software updates and now major email providers, Nobelium increases the chances of collateral damage in espionage activities and undermines trust in the technology ecosystem."

Microsoft specifies that the hackers succeeded in particular in seizing an email account of the United States Agency for International Development (USAID), hosted on the Constant Contact platform, and in sending fraudulent emails to numerous recipients.

One of the messages, purporting to be a "special alert", was intended to make it appear that "Donald Trump has released new documents on electoral fraud."

By clicking on the link, recipients were redirected to a site where hackers could install their malware.

"This attack is still ongoing and these examples should not be taken as exhaustive," Microsoft said.

© 2021 AFP