The state-backed group of Russian hackers behind a massive cyberattack on security firm SolarWinds, revealed last year, has re-emerged with a series of attacks on government agencies, think tanks, consultants, and other organizations, according to officials and researchers. A security update from Microsoft late last week said the group known as Nobelium has stepped up attacks, notably targeting government agencies involved in foreign policy as part of intelligence-gathering efforts.
The US government’s Cybersecurity and Infrastructure Security Agency posted a link to the Microsoft update and urged computer network administrators to “apply the necessary mitigations.” Microsoft said it detected a “sophisticated” and large-scale campaign that sent phishing emails delivering malicious software, enabling the hackers to get protected data from victims.
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Microsoft vice president Tom Burt said in a blog post. The news comes a month after Washington imposed sanctions and expelled Russian diplomats in response to Moscow’s connection with the Russian hackers involved in the massive attacks last year on SolarWinds, a security software firm, as well as for election interference and other hostile activity.
“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” wrote Burt. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”
In the new attacks, the hackers were able to gain access to email servers operated by the firm Constant Contact, allowing them to spoof the US Agency for International Development and send out mass emails with disinformation, according to the update. In one example, emails appearing to be from USAID showed a “special alert” stating that “Donald Trump has published new documents on election fraud.”