SolarWinds Hacker Encore: Russia Phishing Attacks Target U.S. Government Agencies
Microsoft’s disclosure late last week that the hacking crew behind the SolarWinds Orion attack is targeting U.S. government agencies in a phishing expedition has legislators urging President Biden to tighten economic sanctions on Moscow.
Just in case you missed Microsoft’s warning: The
Russian-backed Nobelium hackers have launched a malware attack not only on
federal government agencies but also on researchers, consultants and
non-government organizations, the vendor’s security team said in a blog post.
The infiltration has hit some 3,000 email accounts in more
than 150 different organizations, Microsoft said. U.S. facilities appear to
have taken the brunt of the attacks that involved at least 24 countries, wrote
Tom Burt, the company’s customer security and trust corporate vice president.
Roughly 25 percent of the intended victims are involved in international
development, humanitarian and human rights work, an indication the attacks are
a “continuation of multiple efforts by Nobelium to target government agencies
involved in foreign policy as part of intelligence gathering efforts,” Burt
said.
Still, the attacks are a timely reminder for MSPs and
MSSPs to offer cybersecurity awareness training services, which typically
familiarize customers with phishing-type emails.
Phishing Attacks: Microsoft’s Analysis
Microsoft said that Nobelium had gained access to an email
marketing account used by the U.S. Agency for International Development
(USAID), an independent government wing that handles foreign aid and
development assistance.
Antivirus services and endpoint detection and response
solutions identified the malware deployed in the attacks and protected the
targeted entities against it. “It is important for all users to employ basic
cybersecurity hygiene, including using multi-factor authentication, using
antivirus/antimalware software and being careful not to click on links in
email, unless you can confirm reliability to minimize the risk of being
phished,” Burt said.
Nobelium’s phishing campaign comes hard on the heels of the
allegedly Russian-orchestrated Colonial Pipeline cybersecurity event that
disrupted the oil and gas supply along the eastern seaboard in early May 2021.
United States vs. Russia: Cyberattack Fallout?
President Biden imposed economic sanctions on Russia
following the SolarWinds hack and Moscow’s attempts to influence U.S.
elections. With word that the same group is newly engaged in Moscow’s continued
cyber espionage operations, some Democratic lawmakers are calling for the Biden
administration to squeeze harder.
“If Moscow is responsible, this brazen act of utilizing
emails associated with the U.S. government demonstrates that Russia remains
undeterred despite sanctions following the SolarWinds attack,” House
Intelligence Committee Chairman Adam Schiff (D-CA) said in a statement. “Those
sanctions gave the administration flexibility to tighten the economic screws
further if necessary,” he said. “It now appears necessary.”
Senate Intelligence Committee Chairman Mark Warner (D-VA)
said the U.S. needs to reiterate to foreign nations that foreign cyber
offensives will be met with a strong response. “We have to step up our cyber
defenses, and we must make clear to Russia and any other adversaries that they
will face consequences for this and any other malicious cyber activity,” he
said in a separate statement.
The White House, however, waved off the Russian
operation as standard fare that had largely been neutralized by Microsoft and
other security specialists, proof that strengthened federal cyber defenses are
working, the New York Times reported.