Hackers affiliated with Russia’s main intelligence agency secretly seized an email system used by the State Department’s international aid agency, and used it to penetrate the computer networks of human rights groups and other organizations critical of President Vladimir V. Putin, Microsoft Corporation revealed on Thursday.
The discovery of the breach comes just three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a moment of heightened tension between the two countries over a series of increasingly sophisticated cyberattacks emanating from Russia.
The newly disclosed attack was also particularly bold: by breaking into the systems of a supplier used by the federal government, the hackers sent genuine-looking emails to more than 3,000 accounts at more than 150 organizations that regularly receive communications from the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing.
The emails were implanted with code that would give the hackers unlimited access to the recipients’ computer systems, “from stealing data to infecting other computers on a network,” Microsoft vice president Tom Burt wrote on Thursday night.
Last month, Mr. Biden announced a series of new sanctions on Russia and the expulsion of diplomats in response to a sophisticated hacking operation, known as SolarWinds, which used novel methods to penetrate at least seven government agencies and hundreds of large US companies.
The attack went undetected by the US government for nine months, until it was discovered by a cybersecurity firm. In April, Mr. Biden said he could have responded more strongly, but “chose to be proportionate” because he did not want “a cycle of escalation and conflict with Russia” to begin.
The Russian response nonetheless appears to be escalating, with malicious activity continuing as recently as this week. This suggests that the sanctions and any additional covert actions the White House took – part of a “seen and unseen” cost-imposition strategy toward Moscow – have not suppressed the Russian government’s appetite for disruption.
A spokesman for the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security said late Thursday that the agency was “aware of a potential compromise” at the Agency for International Development and that it was “working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”
Microsoft identified the Russian group behind the attack as Nobelium, and said it was the same group responsible for the SolarWinds hack. Last month, the US government explicitly attributed SolarWinds to the SVR, one of the most successful spinoffs of the Soviet-era KGB.
That agency was involved in the hacking of the Democratic National Committee in 2016 and in earlier attacks on the unclassified communications of the Pentagon, the White House email system and the State Department.
Federal officials and experts say it has become increasingly aggressive and creative. The SolarWinds attack was never detected by the United States government; it was carried out through code implanted in network management software that is widely used by government agencies and private companies. When customers updated their SolarWinds software – much as an iPhone is updated overnight – they were unwittingly letting in an intruder.
The victims last year included the Departments of Homeland Security and Energy as well as nuclear laboratories.
When Mr. Biden came into office, he ordered a study of the SolarWinds case, and officials are working to prevent future “supply chain” attacks, in which adversaries infect software used by federal agencies. This attack had similarities: Microsoft’s security team caught the hackers using a widely used email service provided by a company called Constant Contact to send malicious emails that appeared to come from an Agency for International Development address.
But the material was, at times, hardly subtle. In one email sent through Constant Contact’s service on Tuesday, the hackers spotlighted a message claiming that “Donald Trump has published new emails on election fraud.” The email contained a link that, when clicked, caused malicious files to be dropped onto the recipient’s computer.
Microsoft noted that the hack was “significantly different” from SolarWinds, using new tools and tradecraft in an apparent effort to avoid detection. It said the attack was still ongoing and that the hackers continued to send spearphishing emails at speed and scale. That is why Microsoft took the unusual step of naming the agency whose email address was being used and publishing samples of the fake emails.
In short, the Russians got into the aid agency’s email system by going around the agency and directly after its software supplier. Constant Contact manages bulk email and other communications on behalf of the aid agency.
Microsoft’s Mr. Burt wrote, “Nobelium launched this week’s attacks by gaining access to USAID’s Constant Contact account.” Constant Contact could not be reached for comment.
Microsoft, like other major firms involved in cybersecurity, maintains a vast sensor network to monitor malicious activity on the Internet, and is often a target itself. It was deeply involved in uncovering the SolarWinds attack.
In this case, Microsoft reported, the goal of the hackers was not to go after the State Department or the aid agency itself, but to use its connections to get inside groups that work in the field – in many cases groups that rank among Mr. Putin’s most powerful critics.
“At least a quarter of the targeted organizations were involved in international development, humanitarian and human rights work,” Mr. Burt wrote. Although he did not name them, many such groups have exposed Russian actions against dissidents, or against Alexei A. Navalny, Russia’s best-known opposition leader, who was poisoned, convicted and imprisoned.
The attack suggests that Russia’s intelligence agencies are stepping up their operations, perhaps to demonstrate that the country will not back down in the face of sanctions, expulsion of diplomats and other pressures.
Mr. Biden raised the SolarWinds attack with Mr. Putin in a phone call last month, telling him that the sanctions and expulsions were a demonstration that his administration would no longer tolerate the increased pace of cyber operations.
Mr. Putin has denied Russian involvement, and some Russian news outlets have argued that the United States launched an attack against Russia.
At the time, the White House also imposed a number of new sanctions on Russian persons and assets, including new restrictions on buying Russia’s sovereign debt, which would make it more difficult for Russia to raise money and support its currency.
Treasury Secretary Janet L. Yellen said at the time, “This is the beginning of a new American campaign against Russian malicious behavior.”
Tensions over Russia harboring cybercriminals escalated this month when a ransomware group took hostage the business network of Colonial Pipeline. The attack forced the company to shut down a pipeline that carries about half the gasoline, diesel and jet fuel to the East Coast, causing gas prices to rise and panic at the pump.
Mr. Biden said two weeks ago that “we are in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”