{"id":5884,"date":"2021-05-29T13:12:36","date_gmt":"2021-05-29T13:12:36","guid":{"rendered":"http:\/\/odiannews.com\/en\/?p=5884"},"modified":"2021-05-29T13:12:36","modified_gmt":"2021-05-29T13:12:36","slug":"solarwinds-hack-details-another-email-attack-by-russian-hackers","status":"publish","type":"post","link":"https:\/\/odiannews.com\/en\/5884\/","title":{"rendered":"SolarWinds Hack Details: Another Email Attack By Russian Hackers"},"content":{"rendered":"

Moscow May 29 :A group of Russian hackers have launched a mass email phishing campaign, targeting government agencies, consultations, think tanks, NGOs and other foreign government agencies, reported Microsoft. The sophisticated attack was carried out using US Agency for International Development’s email marketing account. After comparing the case with SolarWinds hack details, Microsoft has announced that it is the same organization responsible for SolarWinds hack 2021.<\/p>\n

Nobelium has been identified as the organization responsible for sending out emails to about 3000 accounts.<\/p>\n

Microsoft also adds that at least a quarter of these accounts are associated with international bodies that look after foreign policy. It might be done to gain international intelligence. Both the United States and Britain are raising fingers at Russia’s Foreign Intelligence Service.<\/p>\n

Just like the SolarWinds hack 2021, the emails contained a URL, clicking on which would provide access to the user’s database. The email contained a poster and used former United State’s president Donal Trump’s name to lure the victims. The ‘view documents’ button opens a URL, which then provides access to the hackers. Have a look at the sample image published by Microsoft below.<\/p>\n

Microsoft’s statement about the SolarWinds hack details<\/span><\/b><\/p>\n

“This week we observed cyber attacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries,” Microsoft says on their official blog post dated May 27, 2021.<\/p>\n

\"\"<\/p>\n

The email attack was going on since January 2021<\/span><\/b><\/p>\n

The email attack was silently going on since January 2021, until the hackers used a mail-mailing service called Constant Contact on May 25. Apparently, the emails were coming from development organization in the United States. While initially, the campaign sent malicious URLs which used the Google FIrebase platform to gather details of those who accessed the URL, the technique evolved with time.<\/p>\n

In the month of April, hackers experimented with an ISO file integrated with JavaScrpt, which once opened, attaches to a computer like an internal drive itself. The Cybersecurity and Infrastructure Security Agency of the US is aware of the cyberattack and has opened a joint investigation along with the Federal Bureau of Investigation.<\/p>\n