January 27, 2022



Microsoft says SolarWinds hackers have struck again in the United States and other countries

The group, which Microsoft calls “Nobelium”, this week targeted 3,000 email accounts at various companies, most of them in the United States, the company said in a blog post Thursday.
It believes the hackers are part of the same Russian group behind last year’s devastating attack on SolarWinds, a software vendor, which targeted at least nine U.S. federal agencies and 100 companies.
Cybersecurity has been an important focus for the US government following revelations that the hackers inserted malicious code into a tool released by SolarWinds. Earlier this month, a ransomware attack that shut down one of America’s most important pieces of energy infrastructure, the Colonial Pipeline, raised awareness further. That attack was carried out by a criminal group that emerged in Russia, according to the FBI.
Microsoft (MSFT) said at least a quarter of the targets of this week’s attacks were involved in international development, humanitarian and human rights work in at least 24 countries. It claims that Nobelium launched the attack by gaining access to a Constant Contact email marketing account used by the US Agency for International Development (USAID).

“These attacks appear to be a continuation of Nobelium’s numerous attempts to target government agencies involved in foreign policy as part of intelligence gathering efforts,” the agency said.

USAID Acting Spokesperson Pooja Jhunjhunwala said on Friday that the agency was aware of “malicious email activity” from the compromised Constant Contact marketing account. Jhunjhunwala said a forensic inquiry into the incident was underway.

Spokesmen said both the White House National Security Council and the US Cybersecurity and Infrastructure Security Agency (CISA) were aware of the incident. CISA “works with the FBI and USAID to better understand the extent of the compromise and help victims,” a spokesman said.

By gaining access to USAID’s account, the hackers were able to send phishing emails that, Microsoft said, “appeared to be trustworthy, but included a link that, if clicked, inserted a malicious file”, allowing the hackers to access computers through a backdoor.

“This door can perform a wide range of functions, from stealing data to infecting other computers on a network,” Microsoft said.

One of those fake emails appeared to come from USAID and included an actual sender address. The email presented a “special alert” from former President Donald Trump inviting recipients to click a “View Documents” link in connection with election fraud.

Microsoft said many of the attacks were automatically blocked. The company told targeted customers that “there is no reason to believe that these attacks may involve any exploitation or harm to Microsoft’s products or services.”

A spokesman for Constant Contact said the company is aware that the account credentials of one of its customers have been compromised, describing it as an “isolated” incident. “We have temporarily disabled the affected accounts while we work in collaboration with our client who works with law enforcement,” the spokesman added.

At the time of the SolarWinds hack, U.S. intelligence and law enforcement agencies said the group responsible “may have appeared in Russia” and that the attack was believed to be an espionage operation.

Microsoft reiterated those suspected motives in its Thursday blog post, saying, “When combined with the attack on the SolarWinds, it is clear that part of Nobelium’s playbook is gaining access to trusted technology providers and affecting their customers.”

“With software updates and now pickpocketing on mass email providers, Nobelium increases the chances of parallel damage in espionage operations and undermines confidence in the technological ecosystem,” the company said.

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said the latest revelation shows how Russia has been undeterred by efforts to hold the Kremlin accountable and by recent U.S. efforts to improve cybersecurity following the SolarWinds campaign.

“The Russians have a campaign plan for massive attacks against US targets, for which they have no incentive,” Lewis said. “They are not afraid of America’s response. They are testing the new administration.”

Kremlin spokesman Dmitry Peskov on Friday declined to comment on Microsoft’s allegations.

“To answer your question, we must first answer the following questions: Which groups? Why are they affiliated with Russia? Who attacked what? What led to this attack? How does Microsoft know about this? The answer to these questions, we can think about the answer [to your question],” Peskov said in a conference call with CNN reporters.

He said he did not think the allegations would affect the upcoming summit between US President Joe Biden and Russian President Vladimir Putin.

– Anna Chernova, Zahra Ullah, Jennifer Hansler, Brian Fung and Alex Marquardt contributed to this article.