[BreachExchange] Sophisticated Email Hack Targeting Organizations, Warns Microsoft

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Jun 2 09:46:52 EDT 2021


https://tech.co/news/email-hack-organizations-microsoft

To say online security has become an important aspect of the digital world
would be a drastic understatement. Protecting your personal information
feels like a full-time job at this point, as security breaches and
ransomware attacks have become exceedingly common in recent years.

Now, Microsoft is warning government agencies that an advanced email attack
is combing the US and 23 other countries for vulnerabilities that could
lead to some serious problems.

Microsoft Warns of “Sophisticated” Attack

In a company blog post on Thursday, Microsoft informed users that a
“sophisticated email-based attack” had been detected. The attacks
specifically targeted “approximately 3,000 email accounts at more than 150
different organizations,” including government agencies, think tanks,
consultants, and other non-government agencies.

“Microsoft is issuing this alert and new security research regarding this
sophisticated email-based campaign… to help the industry understand and
protect from this latest activity.”

The attack was propagated by Nobelium — the Russian threat group behind the
infamous SolarWinds attack. The nefarious actors used Constant Contact, an
email marketing platform, to gain access to the accounts of members of the
United States Agency for International Development (USAID).

From there, hackers sent phishing emails to a wide range of other notable
organizations in hopes of getting users to click on a malicious link that
downloaded malware onto their devices. This would then provide a backdoor
to Nobelium to access these organizations as they see fit.

Constant Contact has been swift in disconnecting affected accounts and
cooperating with organizations to get to the root of the problem, but as
Microsoft puts it, this is nothing if not a notable hack.

Why Is This Hack So Notable?

Outside of the obvious importance of Nobelium successfully completing
another significant hack, Microsoft specified that this hack is notable for
three different reasons:

The Intent – Perhaps the biggest concern is that Nobelium's intent here is
unsettling. Having focused their attacks on trusted technology providers,
Microsoft believes that the threat group's attacks purposefully “undermine
trust in the technology ecosystem,” which could lead to “collateral damage
in espionage operations.”

The Victims – Once Nobelium had access to these technology providers, their
primary subjects of focus were humanitarian and human rights organizations,
which further shows that there is a political element to these attacks.

The Frequency – These kinds of large-scale cyber attacks aren't slowing
down, and it's at least partly due to a lack of action on laws and
regulations to keep nation-states from engaging in this kind of nefarious
behavior.

Simply put, this isn't just another breach of a company with lax security.
This is a coordinated effort from a Russian-based hacker group with plans
to sow discord in any way they can. And it's working.

How to Protect Yourself Online

All this talk of security breaches and sophisticated hacks can make anyone
concerned about their own online safety. Fortunately, there are a few tools
in your digital tool box that can protect you online.

Password managers are arguably one of the best and most important avenues
to a safe online experience. A password is the first — and sometimes only —
obstacle to stealing your personal information, and a strong one that is
encrypted through a good password manager can do wonders when it comes to
keeping you safe.

Antivirus software and VPNs are two more online tools that can seriously
improve your online security, by keeping viruses at bay and hiding your
online activity, respectively.

When it comes to phishing scams though, like the one propagated by Nobelium
here, your best defense is a bit of vigilance. While Microsoft noted that
this email was particularly authentic, the reality is that keeping your
eyes out for anything suspicious — particularly when clicking links or
providing personal information — can go a long way in keeping you safe
online.