Russian hackers behind SolarWinds targeting government agencies, Microsoft warns

Further, the company said that at least a quarter of the targeted organizations were those who work in international development and human rights or humanitarian work. “Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020,” the company said.

The SolarWinds attack first began in 2020 and continued almost all through the year. It was found in December 2020 by security firm FireEye. The hackers snuck malicious code into a software called Orion, using it to compromise many organizations, including nine US government agencies. The Nobelium attack tries the same with “trusted technology providers” to infect their customers.

“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. Constant Contact is a service used for email marketing. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone,” Microsoft explained in its post. The company said this could help the hackers to “enable a wide range of activities” which includes stealing data, infecting other computers on a network and more.

However, the company also noted that Windows Defender, the anti-malware program that’s pre-installed on Windows, was able to stop attacks on its customers. It said it was in the process of notifying its customers, but this may come as good news for users since Windows Malware is pre-installed on all machines running official Windows.