AGL 38.02 Increased By ▲ 0.08 (0.21%)
AIRLINK 197.36 Increased By ▲ 3.45 (1.78%)
BOP 9.54 Increased By ▲ 0.22 (2.36%)
CNERGY 5.91 Increased By ▲ 0.07 (1.2%)
DCL 8.82 Increased By ▲ 0.14 (1.61%)
DFML 35.74 Decreased By ▼ -0.72 (-1.97%)
DGKC 96.86 Increased By ▲ 4.32 (4.67%)
FCCL 35.25 Increased By ▲ 1.28 (3.77%)
FFBL 88.94 Increased By ▲ 6.64 (8.07%)
FFL 13.17 Increased By ▲ 0.42 (3.29%)
HUBC 127.55 Increased By ▲ 6.94 (5.75%)
HUMNL 13.50 Decreased By ▼ -0.10 (-0.74%)
KEL 5.32 Increased By ▲ 0.10 (1.92%)
KOSM 7.00 Increased By ▲ 0.48 (7.36%)
MLCF 44.70 Increased By ▲ 2.59 (6.15%)
NBP 61.42 Increased By ▲ 1.61 (2.69%)
OGDC 214.67 Increased By ▲ 3.50 (1.66%)
PAEL 38.79 Increased By ▲ 1.21 (3.22%)
PIBTL 8.25 Increased By ▲ 0.18 (2.23%)
PPL 193.08 Increased By ▲ 2.76 (1.45%)
PRL 38.66 Increased By ▲ 0.49 (1.28%)
PTC 25.80 Increased By ▲ 2.35 (10.02%)
SEARL 103.60 Increased By ▲ 5.66 (5.78%)
TELE 8.30 Increased By ▲ 0.08 (0.97%)
TOMCL 35.00 Decreased By ▼ -0.03 (-0.09%)
TPLP 13.30 Decreased By ▼ -0.25 (-1.85%)
TREET 22.16 Decreased By ▼ -0.57 (-2.51%)
TRG 55.59 Increased By ▲ 2.72 (5.14%)
UNITY 32.97 Increased By ▲ 0.01 (0.03%)
WTL 1.60 Increased By ▲ 0.08 (5.26%)
BR100 11,727 Increased By 342.7 (3.01%)
BR30 36,377 Increased By 1165.1 (3.31%)
KSE100 109,513 Increased By 3238.2 (3.05%)
KSE30 34,513 Increased By 1160.1 (3.48%)

WASHINGTON: The state-backed Russian group behind a massive hacking campaign revealed last year has re-emerged with a series of attacks on government agencies, think tanks, consultants and other organizations, Microsoft security researchers said.

A security update from Microsoft late Thursday said the group known as Nobelium has stepped up attacks, notably targeting government agencies involved in foreign policy as part of intelligence gathering efforts.

Microsoft said it detected a “sophisticated” and large-scale campaign that delivered phishing emails delivering malicious software and enabling the hackers to get protected data from victims.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Microsoft vice president Tom Burt said in a blog post.

The news comes a month after Washington imposed sanctions and expelled Russian diplomats in response to Moscow’s involvement in the massive attacks last year on SolarWinds, a security software firm, election interference and other hostile activity.

“When coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers,” wrote Burt. “By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”

The new attacks enabled the hackers were able to gain access to email servers to be able spoof the US Agency for International Development and send out mass emails with disinformation, according to the update.

In one example, emails appearing to be from USAID showed a “special alert” stating that “Donald Trump has published new documents on election fraud.”

Users who clicked on the link were directed to a site delivering malicious software and enabling the hackers to exfiltrate data, according to Microsoft.

“This attack is still active, so these indicators should not be considered exhaustive for this observed activity,” Microsoft said in its update.

SolarWinds last year disclosed that as many as 18,000 customers and more than 100 US companies were affected by the hack. Its roster of clients includes government agencies and companies among the top 500 in the United States.

Washington has accused Russia of orchestrating the online assault, explicitly citing its Foreign Intelligence Service (SVR).

Comments

Comments are closed.