New York (AFP)
Russian cybercriminals behind a massive computer attack in the United States revealed in late 2020 have launched a new round of offensives against US government agencies, and more than 150 organizations, Microsoft said.
In a blog post published Thursday evening, cybersecurity researchers at Microsoft assured that a group, known as Nobelium, had stepped up its efforts to attack federal agencies, but also think tanks and NGOs, linked to American foreign policy in order to steal sensitive information.
To carry out these attacks, which Microsoft describes as "sophisticated" and "large-scale", hackers resort to "phishing", a method of sending emails that appear genuine but contain malicious software that allows them to access victim data.
More than 3,000 email accounts have been targeted, said Tom Burt, vice president at Microsoft.
The announcement of the attacks comes a month after Washington imposed financial sanctions on Moscow and expelled Russian diplomats in response to last year's massive hack of the IT management software publisher SolarWinds.
Washington accuses the Russian Foreign Intelligence Service (SVR) of orchestrating the cyberattack, which affected up to 18,000 SolarWinds customers and more than 100 US companies, while Moscow denies any involvement.
These tensions could be on the menu of the first summit between US President Joe Biden and his Russian counterpart Vladimir Putin, to be held on June 16 in Geneva, Switzerland.
- "Special alert" -
The similarities between the latest cyberattack and the offensive against SolarWinds make it clear that "Nobelium's strategy is to access reputable technology providers and infect their customers," says Burt.
"By taking advantage of software updates and now major email providers, Nobelium increases the chances of collateral damage in espionage activities and undermines trust in the technology ecosystem."
Microsoft specifies that the hackers succeeded in particular in seizing an email account of the United States Agency for International Development (USAID), hosted on the Constant Contact platform, and in sending fraudulent emails to numerous recipients.
One of the messages, purporting to be a "special alert", was intended to make it appear that "Donald Trump has released new documents on electoral fraud."
By clicking on the link, recipients were redirected to a site where hackers could install their malware.
"This attack is still ongoing and these examples should not be taken as exhaustive," Microsoft said.
- "Insufficient" sanctions -
The American computer security firm Volexity, which also identified the hack, estimated that "the attacker had probably had some success in exploiting the security holes of his targets."
In a blog post published Thursday, the firm admits being unable to confirm the identity of the hackers, but says the attack "has the characteristics of a known threat actor [Volexity] has dealt with on many occasions" and which calls itself APT29.
For John Dickson, cybersecurity specialist at Denim Group, the hack suggests that the latest sanctions imposed by Washington on Moscow are insufficient.
"I think the sanctions are a starting point and we have to take them up a notch," Dickson told AFP.
The expert believes that the multiple Russian offensives are "different variations of the same espionage campaign" approved by the Kremlin and that they are carried out "without the slightest fear of reprisals".
© 2021 AFP