The Russian hackers who breached SolarWinds IT management software to compromise a slew of United States government agencies and businesses are back in the limelight. Microsoft said on Thursday that the same “Nobelium” spy group has built out an aggressive phishing campaign since January of this year and ramped it up significantly this week, targeting roughly 3,000 individuals at more than 150 organizations in 24 countries.
The revelation caused a stir, highlighting as it did Russia's ongoing and inveterate digital espionage campaigns. But it should be no shock at all that Russia in general, and the SolarWinds hackers in particular, have continued to spy even after the US imposed retaliatory sanctions in April. And relative to SolarWinds, a phishing campaign seems downright ordinary.
“I don’t think it’s an escalation, I think it’s business as usual,” says John Hultquist, vice president of intelligence analysis at the security firm FireEye, which first discovered the SolarWinds intrusions. “I don’t think they’re deterred and I don’t think they’re likely to be deterred.”
Russia's latest campaign is certainly worth calling out. Nobelium compromised legitimate accounts from the bulk email service Constant Contact, including that of the United States Agency for International Development. From there the hackers, reportedly members of Russia's SVR foreign intelligence agency, could send out specially crafted spearphishing emails that genuinely came from the email accounts of the organization they were impersonating. The emails included legitimate links that then redirected to malicious Nobelium infrastructure and installed malware to take control of target devices.
While the number of targets seems large ..
Support the originator by clicking the read the rest link below.
