Microsoft said that the Russia-based hacker group designated Nobelium has this week targeted government agencies, think tanks, consultants, and non-governmental organisations. Nobelium is also blamed for the notorious SolarWinds cyberattacks that breached multiple departments of the US federal government last year.
In a blog post, the Redmond-based software giant revealed that the hackers went after 3,000 email accounts at over 150 different organisations in at least 24 countries – although the organisations in the US took the brunt of the cyberattacks. At least a quarter of the affected organisations worked on international development, humanitarian, and human rights issues.
The hackers apparently began their attacks by obtaining access to the Constant Contact account of USAID, the US government agency responsible for foreign aid and developmental assistance. Then they sent out phishing emails with a link that, when clicked, installs a backdoor that Microsoft calls NativeZone, which can be used for a variety of actions like stealing data or infecting other computers on a network.
Hackers backed by the Russian government have been blamed for quite a few high-profile breaches in the US. For example, they’re suspected to have stolen thousands of emails from the US State Department and to have penetrated the National Nuclear Security Administration – which oversees the US nuclear weapons stockpile.
Earlier in the year, Microsoft blamed China-backed hackers for compromising its mail server software Microsoft Exchange in order to access email accounts. That breach was so serious that the FBI eventually decided to access private computers in the US to purge them of backdoors.