Microsoft warns of ‘sophisticated’ Russian email attack targeting government agencies

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Content source
https://www.theverge.com/2021/5/28/22458202/microsoft-nobelium-hack-usaid-email-phishing-hacking-target-solarwinds
Microsoft has raised the alarm over a “sophisticated” ongoing cyberattack believed to be from the same Russia-linked hackers behind the SolarWinds hack. In a blog post, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said the attack appears to be targeting government agencies, think tanks, consultants, and NGOs. In total, around 3,000 email accounts are believed to have been targeted across 150 organizations. Victims are spread across upward of 24 countries, but the majority are believed to be in the US.

According to Microsoft, hackers from a threat actor called Nobelium were able to compromise the US Agency for International Development’s account on a marketing service called Constant Contact, allowing them to send authentic-looking phishing emails. Microsoft’s post contains a screenshot of one of these emails, which claimed to contain a link to “documents on election fraud” from Donald Trump. However, when clicked, this link would install a backdoor that let the attackers steal data or infect other computers on the same network.
Click to expand...
 
  • Like
Reactions: upnorth, Berny, plat and 10 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
An example of the attack:

1622917508905.png

More about HTML smuggling (good and well known technique):

Ways of phishing 2 - HTML smuggling

As a sequel of my previous post, I’m going to talk a little bit about another technique used in phishing that I encountered recently. This technique is HTML smuggling. This method is not new, but it definitely appears in more and more attacks, including phishing scenarios. This is why it is so...
forensixchange.com forensixchange.com
The article shows also a difference between downloading and smuggling.

The malicious shortcut file (slip.lnk) can use LOLBins to execute the malicious code.
Other even more sophisticated attacks are noted here:
www.microsoft.com

Breaking down NOBELIUM’s latest early-stage toolset | Microsoft Security Blog

In this blog, we highlight four tools representing a unique infection chain utilized by NOBELIUM: EnvyScout, BoomBox, NativeZone, and VaporRage. These tools have been observed being used in the wild as early as February 2021 attempting to gain a foothold on a variety of sensitive diplomatic and...
www.microsoft.com www.microsoft.com
 
  • Like
  • +Reputation
Reactions: Venustus, Berny, plat and 3 others
You must log in or register to reply here.

Similar threads

I
    • Like
Security News Microsoft explains how Russian hackers spied on its executives
Replies
1
Views
1,357
Security News
Vitali Ortzi
Vitali Ortzi
vtqhtr413
    • Like
    • +Reputation
Security News Midnight Blizzard attack highlights “worrying flaws” in Microsoft security
Replies
3
Views
4,761
Security News
vtqhtr413
vtqhtr413
vtqhtr413
    • Like
    • HaHa
Security News Microsoft overhaul treats security as ‘top priority’ after series of failures
Replies
1
Views
1,298
Security News
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top