Microsoft identifies ‘sophisticated’ email attack from SolarWinds hackers
New campaign launches personalized attacks against each target, researchers warn
Microsoft cybersecurity researchers have found evidence of a malicious large-scale spear-phishing email campaign that they believe is operated by the same threat actors who were behind the SolarWinds supply chain attack.
Researchers at Microsoft’s Threat Intelligence Center (MSTIC) believe that the threat actor known as Nobelium is once again targeting government agencies, think tanks, consultants, and non-governmental organizations via the new campaign.
Notably, the researchers add that prima facie evidence suggests that the latest Nobelium campaign “differs significantly” from the one that involved the compromise of the SolarWinds Orion platform.
“It is likely that these observations represent changes in the actor’s tradecraft and possible experimentation following widespread disclosures of previous incidents,” writes MSTIC in a post detailing the new campaign.
Spear-phishing campaign
The researchers add that as this is an ongoing campaign, it’s possible that MSTIC’s observations might change over time.
According to the post, the new campaign leverages the legitimate Constant Contact service to send malicious links that were obscured behind the mailing service’s URL.
MSTIC’s tracking has revealed that Nobelium launched the attacks by breaking into an email marketing account used by the United States Agency For International Development (USAID) before launching the phishing attacks on other organizations.
The latest campaign targets approximately 3000 individual accounts across more than 150 organizations. MSTIC researchers note that the threat actor employs “an established pattern of using unique infrastructure and tooling for each target,” which also enables it to fly under the radar for a long time.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.