<div dir="ltr"><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><a href="https://news.yahoo.com/russian-solarwinds-hackers-back-wave-113037015.html">https://news.yahoo.com/russian-solarwinds-hackers-back-wave-113037015.html</a><br></p><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif">The same Russian hackers behind the massive SolarWinds breach have launched a new wave of cyberattacks targeting government agencies, think tanks, consultants and NGOs, Microsoft <a href="https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">disclosed</a> late Thursday night.</p><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><span style="font-weight:700">Why it matters: </span>The revelation of the ongoing attack comes less than two months after the U.S. 
<a href="https://www.axios.com/russia-sanctions-solarwinds-cyber-39561a8d-76c0-46ec-9047-6309153d1382.html?utm_medium=partner&utm_source=verizon&utm_content=edit&utm_campaign=subs-partner-vmg" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">imposed sanctions</a> and expelled Russian diplomats in response to the SolarWinds hack, described by Microsoft as the "most sophisticated attack the world has ever seen."</p><ul class="gmail-caas-list gmail-caas-list-bullet" style="margin:0px;padding-left:1.538em;list-style-type:none;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px"><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">The new breach was discovered just weeks before President Biden is set to hold his first <a href="https://www.axios.com/biden-putin-summit-russia-939c9554-81e0-4241-94d8-b76693ae19f1.html?utm_medium=partner&utm_source=verizon&utm_content=edit&utm_campaign=subs-partner-vmg" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">in-person summit</a> with Russian President Vladimir Putin in Geneva, and comes on the heels of other Russian-backed cyber espionage campaigns.</p></li></ul><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><span style="font-weight:700">Microsoft said</span> the hacking group Nobelium, which is linked to Russia’s main 
intelligence agency, was behind the attack.</p><ul class="gmail-caas-list gmail-caas-list-bullet" style="margin:0px;padding-left:1.538em;list-style-type:none;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px"><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">The Kremlin-linked hacking group took control of a U.S. Agency for International Development account and sent legitimate-looking emails containing malicious files to international human rights groups and humanitarian organizations, according to Microsoft.</p></li><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">Microsoft, which monitors for malicious activity on the internet, said this attack <a href="https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">"differs significantly"</a> from the SolarWinds breach, with the hackers appearing to use newer tools and tradecraft.</p></li></ul><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><span style="font-weight:700">How it works:</span> Nobelium gained access to USAID's Constant Contact email marketing account, allowing the group to send malicious emails that appeared to come from genuine government addresses to 3,000 email accounts across more than 150 organizations.</p><ul class="gmail-caas-list gmail-caas-list-bullet" style="margin:0px;padding-left:1.538em;list-style-type:none;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px"><li 
style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">The emails contained a "backdoor" through which the hackers could steal data and infect other computers on a network. Some of the emails were flagged by automated email threat detection systems, but some may have been successfully delivered.</p></li><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">Many of the organizations targeted have been critical of Putin and have revealed and condemned Russian action against dissidents, including the poisoning and jailing of opposition leader Alexei Navalny, according to the <a href="https://www.nytimes.com/2021/05/28/us/politics/russia-hack-usaid.html" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">New York Times</a>.</p></li></ul><div><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><span style="font-weight:700">What they're saying:</span> A spokesperson for the Cybersecurity and Infrastructure Security Agency told the Times Thursday that the agency was “aware of the potential compromise,” and that it was working with USAID and the FBI “to better understand the extent of the compromise and assist potential victims.”</p><ul class="gmail-caas-list gmail-caas-list-bullet" style="margin:0px;padding-left:1.538em;list-style-type:none;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px"><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">"First, when coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted 
technology providers and infect their customers," Tom Burt, a Microsoft vice president, wrote in a <a href="https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">blog post</a> Thursday.</p></li><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">"By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem," Burt added.</p></li><li style="font-size:1.385em;line-height:1.8;list-style-type:disc"><p style="margin:0px 0px 0.8em;font-size:1em;line-height:1.8">"At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work."</p></li></ul><p style="margin:0px 0px 0.8em;font-size:1.385em;line-height:1.8;color:rgb(29,34,40);font-family:"Yahoo Sans",YahooSans,"Helvetica Neue",Helvetica,Arial,sans-serif"><span style="font-weight:700">The big picture: </span>The attack suggests Russia is not slowing its hacking campaigns against the U.S. government and U.S.-based companies, despite <a href="https://www.axios.com/russia-sanctions-solarwinds-cyber-39561a8d-76c0-46ec-9047-6309153d1382.html?utm_medium=partner&utm_source=verizon&utm_content=edit&utm_campaign=subs-partner-vmg" rel="nofollow noopener" target="_blank" class="gmail-link gmail-rapid-noclick-resp" style="background-color:transparent;text-decoration-line:none;color:rgb(24,143,255)">new sanctions</a>.</p></div></div>