The cybercriminals infiltrated an email system used by the US State Department. The incident takes place three weeks after Joe Biden meets with the Russian president in Geneva.
Hackers affiliated with the Central Intelligence Agency (CIA) have seized an email system used by the US State Department's international aid agency to gain access to the computer networks of human rights groups and other such organizations, Microsoft Corporation revealed on Thursday. Vladimir Putin has been criticized.
The discovery comes three weeks after US President Joe Biden meets with his Russian counterpart in Geneva, at a time of rising tensions between the two countries, partly due to a series of increasingly sophisticated cyberattacks.
By penetrating the systems of a provider used by the federal government, hackers sent emails that appeared to be authentic to some 3,000 accounts of more than 150 organizations that regularly receive communications from the United States Agency for International Development (USAID). This week, those emails were sent, and Microsoft believes the attacks are continuing, The New York Times reported.
On Thursday night, Microsoft vice president Tom Burt said the email was embedded with a code that gave hackers unlimited access to the recipient's computer system and that they could steal data and infect other computers on the network.
Last month, Biden announced a series of sanctions against Russia and the expulsion of diplomats over a hacking operation known as SolarWinds, which breached at least seven government agencies and hundreds of large US companies. Modern methods were used.
It took nine months to detect the attack until a cybersecurity company discovered it. In April, the US president said he could respond more forcefully but chose to be proportionate because he "did not want to start a cycle of escalation and conflict with Russia."
However, according to The New York Times, the Russian response appears to have been an escalation. The malicious activity was already underway last week. This suggests that the sanctions and any other covert action the White House has taken - as part of a strategy to create "visible and non-visible" costs for Moscow - have not dampened the Kremlin's interest in the disruption.
A spokesman for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency said Thursday that the agency was "aware of the possible compromise" at the United States Agency for International Development and that it is working to better understand the scope of its engagement with the FBI and USAID and to help potential victims.
Microsoft identified the Russian group behind the attack as Nobelium and said that it is the same one responsible for the SolarWinds hack. Last month, the US government claimed it was the work of the Foreign Intelligence Service (SVR), one of the most successful offshoots of the Soviet-era KGB.
According to The New York Times, the same agency was involved in the 2016 Democratic National Committee hack, attacks on the Pentagon, the White House email system, and the State Department's unclassified communications.
The SolarWinds attack was never detected by the United States and was carried out against public and private companies using code embedded in widely used network management software. When users updated the SolarWinds software, they unknowingly let the attackers in.
Among the victims of the past year are the Departments of Homeland Security and Energy and nuclear laboratories.
When Biden became president, he established a SolarWinds case study. US officials have been working to prevent future "supply chain" attacks, in which hackers infect software used by federal agencies.
This is exactly what happened in the latest case, when Microsoft's security team found that hackers were using a widely used email service provided by a company called Constant Contact to send malicious emails. The emails were sent from authorized addresses of the Agency for International Development, The New York Times detailed.
However, the content was unsubtle.
In an email sent via the Constant Contact service on Tuesday, the hackers released a message stating that "Donald Trump has posted new emails about voter fraud." This message contains a link that, upon clicking, will delete corrupted files on recipient computers.
Microsoft notes that the attack is significantly different from the SolarWinds hack, using new tools and techniques to avoid detection.
He assured me that it was still ongoing and that hackers continue to send emails with increasing speed and reach.
Therefore, Microsoft has decided to name the agency whose email addresses were being used and publish fake email samples.
The Russians broke the USAID email system by making the agency offensive and going directly to their software vendors. Handles bulk emails and other communications from the Permanent Liaison Agency.
Nobelium launched this week's attacks by gaining access to USAID's Constant Contact account, Burt said.
Like other large cybersecurity companies, Microsoft maintains an extensive network of sensors to search for malicious activity on the Internet, and it is often a target as well.
In this case, according to Microsoft, the hackers' goal was not to go after the State Department or USAID but to use their contacts to enter groups that operate in the field, and, in many cases, Most of them are offensive. Putin
At least a quarter of the organizations selected were involved in international development, humanitarian, and human rights activities, Burt said. Although it did not name them, many of these groups have exposed Russian actions against the invaders or opposed the poisoning, sentencing, and imprisonment of opposition leader Alexei Navalny.
The attack suggests that Russian intelligence agencies are stepping up their campaign, perhaps to show that the country will not back down from sanctions, the expulsion of diplomats, and other pressure.
Biden raised the SolarWinds attack on Putin in a phone conversation last month, explaining that the sanctions and expulsions demonstrated that his administration would no longer tolerate an increase in cyber operations.