Russia has unleashed its cyber spies on humanitarian agencies and think tanks in the U.S. and around the world using an email marketing account of the U.S. Agency for International Development (USAID), Microsoft warns.
Microsoft Vice President Tom Burt said the hackers targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work.
According to Burt, Moscow used the same state-backed group behind the SolarWinds hacking campaign that prompted the U.S. to impose sanctions on several Russian entities.
The New York Times reported that many of the targeted groups are the types that have been critical of Russian President Vladimir Putin.
Burt didn’t specify which attempts may have led to successful intrusions.
A spokesperson for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) told CBS News, “We are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”
The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”
The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that enables hackers to “achieve persistent access to compromised machines.”
“Nation-state cyberattacks aren’t slowing. We need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules,” Burt said.