According to Microsoft, the Russian hacker group Nobelium (who are believed to be behind the SolarWinds attack) has hijacked an email system used by USAID to target government agencies, as well as various human rights groups and NGOs worldwide.
Nobelium is named after a radioactive metal, and the group seeks to contaminate digital and cyber services. As an example of one of the recent attacks, Microsoft reports that the hackers used former President Donald Trump’s name in various emails that were sent to the targeted users.
The group reportedly sent emails to more than 3,000 accounts at more than 150 organisations in what Microsoft is calling an “active incident”, mainly focused on the U.S. but spanning at least 24 countries.
However, Russia has denied that the attack came from within its territory. The Kremlin has stated it does not have any information on the cyberattack. Moreover, Russian authorities have suggested that Microsoft needs to provide evidence as to how the attack is linked to Russia.
Considering the impact of this latest nefarious activity for Digital Journal is Steve Forbes, government cyber security expert at Nominet.
Forbes begins by considering the nature of the attack: “The SolarWinds attack was noteworthy for its sophistication. Here, we can see the same group using a much more common tactic – a phishing campaign – but in an equally dangerous way due to the fact it is targeted at compromising government organisations.”
There is more to consider as well, Forbes notes: “The most noteworthy aspect of this campaign is its breadth. By compromising a high-profile target – USAID – the hackers have managed to secure a launchpad to then target more than 150 organisations, across 24 countries, from an email address they will trust.”
Forbes notes that on this occasion the attack was prevented: “Thankfully Microsoft has identified the attack and it seems that in many cases the emails will have been identified as suspicious and blocked before they got to their target”.
Yet there are concerns for the future, Forbes states: “This is a dangerous situation – as phishing attacks are essentially a numbers game and the attackers are playing the odds. If they target 3,000 accounts, it only takes one employee to click on the link to establish a backdoor for the hackers in a government organisation.”
In terms of remediation, Forbes suggests: “This is why it is so important to have a broad base level of security across all government departments, to reduce the opportunity for hackers to gain a foothold through broad, sweeping campaigns.”
He adds: “It is also important that systems are continuously monitored to detect breaches. We have to assume that at some point these organisations will be breached so detecting and effectively responding to these types of attack becomes critical to reducing the impact and risk of further disruption inside that organisation or those they do business with.”
