“These attacks appear to be a continuation of Nobelium’s numerous attempts to target government agencies involved in foreign policy as part of intelligence gathering efforts,” the agency said.
USAID Acting Spokesperson Pooja Jhunjhunwala said on Friday that the agency was aware of “malicious email activity” from the compromised Constant Contact marketing account. Jhunjhunwala said a forensic inquiry into the incident was underway.
Spokespeople said both the White House National Security Council and the US Cybersecurity and Infrastructure Security Agency (CISA) were aware of the incident. CISA “works with the FBI and USAID to better understand the extent of the compromise and help victims,” a spokesman said.
By gaining access to USAID’s account, hackers were able to send phishing emails that, Microsoft said, “appeared to be trustworthy, but included a link that, if clicked, inserted a malicious file”, allowing hackers to access computers through a backdoor.
“This door can perform a wide range of functions, from stealing data to infecting other computers on a network,” Microsoft said.
Microsoft said many of the attacks were automatically prevented. The company is notifying targeted customers, saying that “there is no reason to believe that these attacks may involve any exploitation or harm to Microsoft’s products or services.”
A spokesman for Constant Contact said the company is aware that the account credentials of one of its customers have been compromised, describing it as an “isolated” incident. “We have temporarily disabled the affected accounts while we work in collaboration with our client who works with law enforcement,” the spokesman added.
At the time of the SolarWinds hack, U.S. intelligence and law enforcement agencies said that the group responsible “may have appeared in Russia” and that the attack was believed to be an espionage operation.
Microsoft reiterated those suspected motives in its Thursday blog post, saying, “When combined with the attack on SolarWinds, it is clear that part of Nobelium’s playbook is gaining access to trusted technology providers and affecting their customers.”
“With software updates and now pickpocketing on mass email providers, Nobelium increases the chances of parallel damage in espionage operations and undermines confidence in the technological ecosystem,” the company said.
James Lewis, cybersecurity expert at the Center for Strategic and International Studies, said the latest revelation shows how undeterred Russia has been by recent U.S. efforts to hold the Kremlin accountable and to improve cybersecurity following the SolarWinds campaign.
“The Russians have a campaign plan for massive attacks against US targets, for which they have no incentive,” Lewis said. “They are not afraid of America’s response. They are testing the new administration.”
Kremlin spokesman Dmitry Peskov on Friday declined to comment on Microsoft’s allegations.
“To answer your question, we must first answer the following questions: Which groups? Why are they affiliated with Russia? Who attacked what? What led to this attack? How does Microsoft know about this? With the answers to these questions, we can think about the answer [to your question],” Peskov said in a conference call with CNN reporters.
He said he did not think the allegations would affect the upcoming summit between US President Joe Biden and Russian President Vladimir Putin.
– Anna Chernova, Zahra Ullah, Jennifer Hansler, Brian Fung and Alex Marquardt contributed to this article.