top of page

MICROSOFT DETECTS SOLARWINDS PHISHING ATTACK VS 150 GROUPS

  • Writer: By The Financial District
    By The Financial District
  • May 29, 2021
  • 2 min read

The state-backed Russian cyberspies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on US and foreign government agencies and thinktanks this week using an email marketing account of the US Agency for International Development (USAID), Microsoft said.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post, Frank Bajak reported for the Associated Press (AP).


It did not say what portion of the attempts may have led to successful intrusions. The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft, said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”


All the news: Business man in suit and tie smiling and reading a newspaper near the financial district.

Burt said the campaign appeared to be a continuation of efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.


The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”


Microsoft said in a separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.


While the SolarWinds campaign, which infiltrated dozens of private sector companies and thinktanks as well as at least nine US government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy, thus easy to detect.



Happyornot makes feedback terminals measuring customer satisfaction sing smiley-face buttons.


TFD (Facebook Profile) (1).png
TFD (Facebook Profile) (3).png

Register for News Alerts

  • LinkedIn
  • Instagram
  • X
  • YouTube

Thank you for Subscribing

The Financial District®  2023

bottom of page