Microsoft Says Russia-Based Hackers Launch New Cyberattack Through US Aid Agency E-Mail

May 29, 2021 | Coffee or Die

U.S. Agency for International Development ventilators are loaded onto a U.S. Air Force C-17 Globemaster III assigned to Joint Base Charleston, South Carolina, to be delivered to Moscow, Russia, at Dover Air Force Base, Delaware, June 2, 2020. U.S. Air Force photo by Senior Airman Christopher Quail via DVIDS.

This article was originally published May 28, 2021, by Radio Free Europe/Radio Liberty. 

Microsoft says Russian hackers have launched a new assault on government agencies and think tanks using an e-mail marketing account of the U.S. Agency for International Development (USAID).

The “wave of attacks” targeted about 3,000 e-mail accounts at more than 150 different organizations, Microsoft Vice President Tom Burt said in a blog post.

At least a quarter of the organizations are involved in international development and humanitarian and human rights work, and the targeted victims are in at least 24 countries, Burt said, without saying whether any of the attempts led to successful intrusions.

He said many of the attacks targeting Microsoft customers were blocked automatically and that the company is in the process of notifying all customers who were targeted.

The discovery of the cyberattack, which the Kremlin on May 28 called “unfounded,” comes only three weeks before President Joe Biden is scheduled to meet Russian President Vladimir Putin in Geneva. It also comes at a moment of heightened tensions between the two nations over issues including the SolarWinds cyberattack on U.S. computers discovered in December, the military threats to Ukraine, and Russia’s treatment of jailed opposition activist Aleksei Navalny.

Brock Bierman, U.S. Agency for International Development assistant administrator, and U.S. Air Force Airmen hang an American flag above USAID ventilators to be delivered to Moscow, Russia, on a U.S. Air Force C-17 Globemaster III assigned to Joint Base Charleston, South Carolina, at Dover Air Force Base, Delaware, May 19, 2020. U.S. Air Force photo by Senior Airman Christopher Quail via DVIDS.

Biden announced sanctions on Russia and the expulsion of diplomats last month in response to the SolarWinds cyberattack.

Burt said the hacking group Nobelium, originating from Russia, is behind the latest attacks and is the same actor behind the attack on SolarWinds customers.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt said.

The hackers gained access to USAID’s account at an e-mail marketing service, Microsoft said. The marketing service then sent out authentic-looking phishing e-mails dated May 25 that included a link to malware designed to allow the hackers to “achieve persistent access to compromised machines.”

Kremlin spokesman Dmitry Peskov told reporters that Moscow does not have any detailed information from Microsoft on the attack and that it so far is not a topic on the agenda for the June 16 summit.

Microsoft said in a separate blog post that the newly discovered campaign is ongoing and evolved out of several waves of spear-phishing campaigns, which it first detected in January and which escalated to the mass mailings that occurred this week.

While the SolarWinds hacking operation was stealthy and went on for most of 2020 before being detected, the more recent assault was easier to detect.

Burt said nation-state cyberattacks are not slowing and that the world needs rules governing nation-state conduct in cyberspace.

“This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives,” Burt said.

The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR) for the SolarWinds hack, which compromised nine U.S. federal agencies and hundreds of private sector companies.

This month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack but said he was “flattered” by the accusations that Russian foreign intelligence was behind such a sophisticated hack.

Copyright (c)2021 RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave NW, Ste 400, Washington DC 20036.
