SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

The Russian hacking group behind the supply chain attack that poisoned software updates for the SolarWinds Orion platform has been perfecting its email-based attacks over the past few months to plant backdoors inside organizations. These efforts recently escalated with an attack that was launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries.

The hacking group, known in the security industry as APT29, Cozy Bear, The Dukes and Nobelium, has been tied to the Russian Foreign Intelligence Service (SVR) by the US and UK governments. It has a long history of targeting governmental or government-tied organizations, sometimes using zero-day exploits to gain initial access. In this latest email campaign observed by Microsoft, around a quarter of Nobelium's targets were organizations involved in international development, humanitarian, and human rights work.
