(Reuters) – The group behind SolarWind's cyberattack, which was identified late last year, is now targeting government agencies, think tanks, consultants and NGOs, said Microsoft Corp. on Thursday.
"This week we observed cyberattacks by the threatening actor Nobelium targeting authorities, think tanks, consultants and NGOs," Microsoft said in a blog.
Nobelium, originally from Russia, is the same actor behind the attacks on SolarWinds Customers 2020, According to Microsoft
The comments come weeks after a ransomware attack on May 7 on the Colonial Pipeline shut down the United States' largest fuel management network for several days and disrupted the country's supply.
"This wave of attacks targeted 3000 email accounts to more than 1
While organizations in the United States received the largest percentage of attacks, victims targeted at least 24 countries, Microsoft said.
At least a quarter of those targeted organizations were involved in international development, humanitarian issues and human rights, Microsoft said in the blog.
Nobelium launched this week's attacks by breaking into an email marketing account used by the US International Development Agency and from there launches phishing attacks against many other organizations, Microsoft said.
In statements issued on Friday, the Department of Homeland Security and USAID said they were aware of the hack and investigated.
The hack by information technology company SolarWinds, identified in December, provided access to thousands of companies and authorities using their products. Microsoft President Brad Smith described the attack as "the largest and most sophisticated attack the world has ever seen."
This month, Russia's spy chief denied responsibility for SolarWind's cyberattack but said he was "flattered" by accusations from the United States and Britain that the Russian foreign intelligence service was behind such a sophisticated hack.
The United States and Britain have blamed Russia's foreign intelligence service, the successor to the KGB's foreign espionage operations, for the hack that compromised nine US federal authorities and hundreds.
The attacks unveiled by Microsoft on Thursday appeared to be a continuation of several efforts to target foreign policy-makers as part of efforts to gather intelligence, Microsoft said.
The company stated that it was in the process of notifying all its targeted customers and had "no reason to believe" these attacks involved any exploitation of vulnerability in Microsoft products or services.