SolarWinds hackers' latest attack on US agencies: New details emerge

The Russian group that targeted software company SolarWinds in 2020 recently attacked more US agencies

New details are emerging from a cyberattack that hit about 3,000 email accounts and 150 government agencies and think tanks spanning 24 countries, including the U.S., this week.

Microsoft on Thursday evening announced that Nobelium, a Russian group of threat actors that targeted software company SolarWinds in 2020 as part of a months-long hacking campaign, recently attacked more U.S. and foreign government agencies using an email marketing account of the U.S. Agency for International Development (USAID).

USAID is aware of the attack, and a "forensic investigation into this security incident is ongoing," USAID acting spokesperson Pooja Jhunjhunwala said in a statement to FOX Business. 

"USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA)," Jhunjhunwala said.

The U.S. fell victim to "the largest share of attacks" out of the 24 countries targeted, Microsoft said in its Thursday statement.

"At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work," the tech giant said. "…These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts."

The hackers conducted the attack using a tactic called "phishing," in which bad actors send emails that are formatted to look trustworthy but contain malicious links. Cybersecurity firm Volexity identified the phishing campaign this week and noted that the hackers "likely" had "some success in breaching targets," according to a May 27 notice.

Emails identified by Volexity contained a message that read, "USAID Special Alert: Donald Trump has published new documents on election fraud."

[Image: USAID phishing email campaign. Credit: Volexity]

Microsoft said "many" of the attacks targeting its customers were automatically blocked and that it is "in the process of notifying all of" its targeted customers. 

"We have no reason to believe these attacks involve any exploit against or vulnerability in Microsoft’s products or services," the company said. 

Microsoft believes "nation-state cyberattacks aren’t slowing" anytime soon.

"We need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules," the company said. "…Microsoft will continue to work with willing governments and the private sector to advance the cause of digital peace."

Lotem Finkelsteen, head of Threat Intelligence at cybersecurity firm Check Point Software, told Fox Business in a statement that Nobelium's attacks "are not opportunistic or near-term, but rather strategic and long-term."

"While one attack is practiced in the wild, another one is cooking, and will be ready to serve as a replacement, if anything gets exposed. If you are a valuable target, the attackers won’t let you go," Finkelsteen said. "The only way to protect yourself from such strategic attacks is to enact a strategic defense. The next attack can come in any form."

The latest attack comes after Bloomberg reported earlier this month that the Colonial Pipeline paid $5 million in ransom to a group of hackers called DarkSide that targeted its infrastructure, causing gas shortages up and down the East Coast for several days.

The Biden administration last week said it planned to launch a task force aimed at cracking down on hackers responsible for ransomware attacks after the Colonial attack.

The Associated Press contributed to this report.