“This week we observed cyber attacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations”, Microsoft said in a blog.”
Nobelium, originally from Russia, are the same actors behind the attack on SolarWinds customers in 2020, according to Microsoft.
The comments come weeks after a May 7 ransomware attack on Colonial Pipeline that shut off the United States’ largest fuel pipeline operations for a number of says, disrupting the countries supply.
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations”, Microsoft said on Thursday. While organizations in the United States received the largest share of attacks, targeted victims came from at least 24 countries, Microsoft mentioned.
Microsoft says at least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights work.
Nobelium launched this weeks range of attacks by breaking into an email marketing campaign account used by the US Agency for International Development (USAID). Nobelium then went on to launch phishing attacks on many other organizations, says Microsoft.
Statements issued previously by the Department of Homeland Security (HLS) and USAID both mentioned they were aware of the recent hacking attempts and are currently investigating. The hack on SolarWinds, identified in December 2020, gave access toi thousands of companies and government offices that used the SolarWinds product. Microsoft President, Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.
This month, Russia’s spy chief denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.