Experts Warn of a New Attack from the Solar Winds Hackers

Posted on by Dawna M. Roberts in News June 11, 2021

It appears that the Solar Winds attackers are not done with us yet. A report from Data Breach Today on May 28 confirms that Microsoft has discovered yet another attack from the same group.

What is Happening?New Attack On Solar Winds

Microsoft discovered that the Solar Winds attackers are busy waging a phishing campaign. Their most recent victim is a marketing campaign that the U.S. Agency for International Development - USAID uses. The result of this attack is thousands of malicious emails sent out. 

Microsoft has identified “Nobelium” as the group behind the attack and the same group that carried out the Solar Winds supply chain attack a few months ago. The Solar Winds attack affected 18,000 users and threat experts are still trying to clean up and recover the mess left behind. Security experts believe the attack comes from a Russian-backed hacker group known as Nobelium. 

How Does the Latest Attack Work?

Attackers took control of the Constant Contact account owned by USAID and sent out thousands of emails with a tainted link that, when clicked, infects the user’s device with a backdoor called “NativeZone.”

As of Tuesday, the campaign was still active. Microsoft has not said how many victims were affected by these malicious emails. They did note in their report that about 3,000 victims were targeted from 150 companies. Most of the attacks occurred within the U.S. but also affected 20 other countries. The types of companies that received these emails were in the international development, humanitarian and human rights work sectors.

The Response to the Attack

A joint effort between the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating the matter further. They did reassure the public that most of the emails would have been disabled by security software such as antivirus/anti-malware programs before they reached the victims. 

According to Data Breach Today ‘A spokesperson for Constant Contact says: 

“We are aware that the account credentials of one of our customers were compromised and used by a malicious actor to access the customer’s Constant Contact accounts. This is an isolated incident, and we have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement.”’

Corporate vice president for customer security and trust at Microsoft, Tom Burt, said,

“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” in response to the attack. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”

Relations between the U.S. and Russia have been tense, especially recently since President Biden issued sanctions against Russia for their involvement in cybercrimes against the U.S. Biden is scheduled to meet Russian President Vladimir Putin on June 16 at a convention in Geneva, Switzerland. 

Cybersecurity Taken Seriously

Previously phishing campaigns were not considered all that dangerous. However, recent large-scale attacks that potentially originated from a single email have become a wake-up call to government agencies and cybersecurity experts. The weakest link can result in devastation to an organization and even a nation. 

The Solar Winds attack had far-reaching consequences, and those affected have learned a good lesson. Phishing campaigns are just the beginning and can lead to further destruction if underestimated. 

Many of these emails contain malicious links or downloadable files. Some use DLL (Dynamic Link Library) files to hide tainted code. If users open the files or click the links, their device and entire network can be compromised within minutes. 

Hacker tactics evolve, and thus, the end-user must know what to look for and how to respond. The number one way to avoid these types of issues is never to click a link in email or download attachments without verifying where they came from first.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!