Microsoft warns of ‘sophisticated’ Russian email attack targeting government agencies


Level 37
Thread author
Top poster
Nov 10, 2017
Microsoft has raised the alarm over a “sophisticated” ongoing cyberattack believed to be from the same Russia-linked hackers behind the SolarWinds hack. In a blog post, Tom Burt, Microsoft’s corporate vice president for customer security and trust, said the attack appears to be targeting government agencies, think tanks, consultants, and NGOs. In total, around 3,000 email accounts are believed to have been targeted across 150 organizations. Victims are spread across upward of 24 countries, but the majority are believed to be in the US.

According to Microsoft, hackers from a threat actor called Nobelium were able to compromise the US Agency for International Development’s account on a marketing service called Constant Contact, allowing them to send authentic-looking phishing emails. Microsoft’s post contains a screenshot of one of these emails, which claimed to contain a link to “documents on election fraud” from Donald Trump. However, when clicked, this link would install a backdoor that let the attackers steal data or infect other computers on the same network.

Andy Ful

From Hard_Configurator Tools
Top poster
Dec 23, 2014
An example of the attack:


More about HTML smuggling (a good and well-known technique):
The article also shows the difference between downloading and smuggling.

The malicious shortcut file (slip.lnk) can use LOLBins to execute the malicious code.
Other even more sophisticated attacks are noted here: