Microsoft Warns Russian Intelligence Accused of Mounting Cyberattack

Posted by Alan Owen on June 16th, 2021

he Russian hackers are known to be behind the SolarWinds and targeting government agencies. 

The SolarWinds attacks first started in the year 2020 and were continued throughout the year. On Thursday, Microsoft disclosed a cyberattack with large-scale, which is known to be operated by hackers that are linked to Russian intelligence. The same intelligence suspected to be behind the SolarWinds hack. According to the reports, it is known that the hackers have accessed an email system utilized by U.S. Agency for International Development, which is a State Department agency that works on foreign aid. The malicious emails were sent by hackers to approximately 3,000 individual accounts, which is more than 150 organizations, and this threat alert was sent by Microsoft on Thursday. 

Vice President of Microsoft Tom Burt stated in a post on Thursday that hackers seem to have target organizations of many humanitarian and human rights. In the United States, many organizations received attacks with the largest share, and it was also noted that targeted victims crossed at least 24 countries. Some of those malicious emails were sent recently this week, and it is suspected by Microsoft that the attacks might still be ongoing. The attacks have been analyzed as the continuation of the process of hacking to target agencies of government focused on foreign policy, which is known to be a part of intelligence with gathering the efforts. 

The recent cyberattack was discovered over a month when the U.S officially implemented the sanctions against Russia for allegedly committing malicious cyber activity and interfering in the election, which includes widely spread SolarWinds attacks as well. According to the key intelligence agencies, it has already been said that Russia is most likely to be the origin of the SolarWinds hack, which has utilized malicious software from IT management company SolarWinds to infiltrate multiple U.S. federal agencies, including approximately 100 private organizations.

On Friday, in an interview with CNN, Austin Lloyd, Defense Secretary, stated that the U.S has numerous ways of utilizing offensive options to counter back on the cyberattacks. However, the statement was not in the preference of recent attacks. Recently, Austin conveyed to CNN how important the cyber domain is, as it is specifically known as the part of the battlespace and architecture, which is something that should be in the extra attentive process, including being dominant in that particular area. 

The spokesperson of USAID, Pooja Jhunjhunwala, conveyed that the agency is fully aware of potentially malicious email activities happening from the compromised constant contact email marketing account and also told about the forensic investigation that is in the process right now. According to the reports, a spokesperson of the U.S Cybersecurity and Infrastructure Security Agency said that CISA is processing the investigation with USAID and FBI to dig up the whole situation of compromise with better understanding and guide the victims. 

Phishing Emails with authenticated appearance:

According to the reports of Microsoft, the investigation to track this new ongoing hacking campaign has been running since January 2021, and the situation got dense on Tuesday when the legitimate mass email service was anchored by hackers to pretend as the US-based development organization and distribute infected URLs to the wide variety of organizations and private industries. According to Microsoft, as the data transfer of malicious email was heavy, some of them might have stopped via spam filter, but it is possible that the rest of them passed the automated systems to the targeted destinations. 

Microsoft added in its report, if in case a person clicked on the sent links in the email, it would have provided the hackers with access to the compromised systems via uploading a malicious file.

Source:-https://webrootcom.com/blog/microsoft-warns-russian-intelligence-accused-of-mounting-cyberattack/