SolarWinds hackers are back with a new mass campaign, Microsoft says

by Dan Goodin, from Ars Technica
The Kremlin-backed hackers who targeted SolarWinds customers in a supply chain attack have been caught conducting a malicious email campaign that delivered malware-laced links to 150 government agencies, research institutions and other organizations in the US and 23 other countries, Microsoft said.

The hackers, belonging to Russia's Foreign Intelligence Service, first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers had the ability to send emails that appeared to use addresses known to belong to the US agency.

Nobelium goes native

"From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone," Microsoft Vice President of Customer Security and Trust Tom Burt wrote in a post published on Thursday evening. "This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network."
