Russian Hackers Target Government Agencies, Think Tanks and NGOs

Fortify Security Team
Jun 1, 2021

The Russian-based hackers behind the SolarWinds cyber attack have launched a new campaign that appears to target government agencies, think tanks and non-governmental organizations, Microsoft said Thursday. Nobelium launched the current attacks after getting access to an email marketing service used by the United States Agency for International Development, or USAID, according to Microsoft.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Tom Burt, Microsoft vice president of customer security and trust, wrote in a blog post.

The campaign, which Microsoft called an active incident, targeted more than 3,000 email accounts across 150 organizations, mostly in the United States; however, the targets are spread across at least 24 countries. At least a quarter of the targeted organizations are said to be involved in international development and human rights work. The effort involved sending phishing emails that were made to look legitimate but were designed to deliver malicious files. The email campaign has been going on since at least January and has evolved over several waves, Microsoft said in a separate blog post.

Nobelium, Burt said, accessed USAID’s account with Constant Contact, a mass-mailing service. On Wednesday, emails were sent that were meant to look like they came from USAID, including some that read “special alert” and “Donald Trump has published new documents on election fraud”. The link ultimately leads to infrastructure controlled by Nobelium, which delivers a malicious file. Getting the malicious files delivered gives Nobelium persistent access to compromised machines. Microsoft detected the attack through the work of its threat intelligence center in tracking nation-state actors. At this time, Microsoft does not believe there is a vulnerability in its products or services.

The SolarWinds attack led to the infiltration of at least nine federal agencies and dozens of companies. Microsoft President Brad Smith called it “the largest and most sophisticated attack the world has ever seen.”
