Microsoft warns of ‘sophisticated’ Russian email attack targeting government agencies

CyberTech

Microsoft has raised the alarm over a “sophisticated” ongoing cyberattack believed to be from the same Russia-linked hackers behind the SolarWinds hack. In a blog post, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said the attack appears to be targeting government agencies, think tanks, consultants, and NGOs. In total, around 3,000 email accounts are believed to have been targeted across 150 organizations. Victims are spread across upward of 24 countries, but the majority are believed to be in the US.

According to Microsoft, hackers from a threat actor called Nobelium were able to compromise the US Agency for International Development’s account on a marketing service called Constant Contact, allowing them to send authentic-looking phishing emails. Microsoft’s post contains a screenshot of one of these emails, which claimed to contain a link to “documents on election fraud” from Donald Trump. However, when clicked, this link would install a backdoor that let the attackers steal data or infect other computers on the same network.
 

Andy Ful

An example of the attack:

[attached screenshot: example of the phishing email]

More about HTML smuggling (a good and well-known technique):
The article also shows the difference between downloading and smuggling.

The malicious shortcut file (slip.lnk) can use LOLBins to execute the malicious code.
Other even more sophisticated attacks are noted here: