SolarWinds Hackers Used a U.S. Agency Email Account to Send Malware Messages During the 2020 Election
According to the Associated Press, Russia-based hackers behind the SolarWinds hacks sent malware-infected emails to over 3,000 accounts in more than 150 organizations via a marketing account of the US Agency for International Development.
The phishing emails, which were received on May 25, purported to provide new material on 2020 election fraud allegations and included a link that allowed hackers to “gain persistent access to compromised machines.”
The newest hacking attempts, according to the Associated Press, are ongoing and have developed since the first efforts were discovered in January.
Microsoft could not specify how many of the efforts resulted in successful intrusions, but it did note that many of those aimed at Microsoft customers were immediately blocked. Burt added, “We’re also in the process of alerting all of our clients who have been targeted.”
Volexity, a cybersecurity firm that also followed the effort but has less visibility into email systems than Microsoft, wrote in a blog post that the attacker was “likely having some success in penetrating targets” due to the low detection rates of the phishing emails.
The campaign looked to be a continuation of Russian hackers’ previous efforts to “target government entities involved in foreign policy as part of intelligence collection efforts,” according to Burt, who said the targets spanned at least 24 countries.
Separately, FireEye, a prominent cybersecurity firm, said it has been tracking “multiple waves” of related spear-phishing by hackers from Russia’s SVR foreign intelligence agency since March — prior to the USAID campaign — that used a variety of lures such as diplomatic notes and invitations from embassies.
The United States Agency for International Development (USAID) and Constant Contact, an email marketing firm utilized by the USAID account, supplied no additional information on how the hackers got access. A forensic investigation is ongoing, according to USAID spokeswoman Pooja Jhunjhunwala, and the agency is cooperating with the Cybersecurity and Infrastructure Security Agency. Kristen Andrews, a spokeswoman for Constant Contact, described the situation as an “isolated issue,” with the affected accounts temporarily deleted.
While the SolarWinds effort, which infiltrated dozens of private sector firms and think tanks, as well as at least nine US government entities, was extremely covert and lasted for the majority of 2020 before being discovered by FireEye in December, this effort is what. This is a condensed version of the information.