Within weeks of the announcement of US sanctions against technology companies suspected of supporting Russian operations, a new espionage effort emerged in the United States. On Friday, May 28, Microsoft said that a group it calls Nobelium, accused by Joe Biden's government of being close to Russian intelligence, had targeted more than 150 different targets in a cyberattack.
According to the US company, the hackers sent malicious emails to more than 3,000 email addresses linked to NGOs or human rights organizations. But the manner in which these emails were sent was most worrying: the hackers were able to impersonate the US Agency for International Development, USAID, and broke into the tool the organization uses for its internal messaging.
The team behind the SolarWinds operation
“The actor was able to send phishing emails that appeared genuine, but had a link that, if clicked, contained a malicious file,” Microsoft explains in a blog post about this attack. The software created a backdoor on its victims' computers that could be used to install additional malicious tools, extract data, or even, as Microsoft pointed out, “infect other computers on the computer network”.
According to the US company, this malicious Nobelium email campaign started in January, but it was not until May 25 that the group began to use more sophisticated methods and broke into a service run by the marketing company Constant Contact, which allowed it to send emails disguised as coming from USAID.
Microsoft attributed the new espionage initiative to a group called Nobelium. One of the most sophisticated espionage operations in recent years was carried out by the same group of hackers until December: Nobelium was able to compromise SolarWinds, an American technology company that sells software to many customers.
The hackers were able to take control of Orion, one such software product, by releasing a tampered update to Orion from SolarWinds' systems. This sophisticated method later gave Nobelium backdoor access to the computer systems of all customers who installed the update. While the number of victims who installed the compromised version of Orion is uncertain, the White House announced more than 16,000 affected companies, and several major government and technology actors in the United States were targeted by the operation.
In April, the government of Joe Biden formally accused Russia of being behind this sophisticated espionage operation, naming, among others, the hacker group APT29, also known as Cozy Bear, which is known to be close to the Russian Foreign Intelligence Service (SVR). At the same time, the White House announced sanctions targeting six Russian technology companies accused of supporting Russian intelligence's cyber operations.
But the recent announcement by Microsoft shows that diplomatic and financial sanctions have not discouraged the hackers from continuing their activities, especially in the United States.