CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service

An alert released on Friday by the FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported.


Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.


The attacks, which appear to have started on May 25, involved Nobelium compromising the Constant Contact account of the United States Agency for International Development (USAID), which is responsible for civilian foreign aid and development assistance. Microsoft said spear-phishing emails apparently coming from USAID and set up to deliver malware were sent to roughly 3,000 accounts across more than 150 organizations.


However, according to the FBI and CISA, the attackers actually sent spear-phishing emails to over 7,000 accounts at 350 organizations, including government, non-governmental and intergovernmental organizations.


Incident response firm Volexity, which has also seen the phishing emails sent out via Constant Contact, found some links to APT29, a well-known cyberspy group tied to Russia. In their joint alert, CISA and the FBI acknowledge the reports linking the USAID-themed attack to APT29, but the agencies say they have yet to attribute the campaign to any threat actor.


In their alert, the two agencies don’t mention the link to the SolarWinds attack and they don’t name the government agency being impersonated. They did note that the spoofed emails contained a legiti ..
