The hack of SolarWinds last year by a threat actor known as Nobelium set off a panic alarm. It made organizations across the board seriously ponder how safe their systems are. Nevertheless, one year removed from this event, it seems that companies actually learned very little from it: according to a recent statement by Microsoft Corp, the same Russian-origin threat actor, Nobelium, is now targeting agencies, think tanks, consultants, and many non-governmental organizations as well.
The statement comes while the nation is still recovering from the ransomware attack on Colonial Pipeline that occurred on 7th May, which blocked the movement of fuel within the nation for a good number of days. If Microsoft’s statement is to be believed, this new attack will be targeting over 3,000 email accounts across 150 different organizations. The detail that demands attention here is that these organizations not only hail from different industries but also stretch across a total of 24 countries. Microsoft also noticed a common pattern among the targets. Almost all of them have contributed in some way to international development, participated in resolving humanitarian issues, and have a history of advocating for human rights on the global stage.
Nobelium’s first string of attacks, carried out this week, started with a successful intrusion into the email marketing account used by the United States Agency for International Development (USAID). The hackers then used the agency’s database to initiate phishing attacks on other organizations. Microsoft also established that the basis of these fresh attacks was constructed during the infamous SolarWinds attack, when the hackers used the company’s data to gain access to thousands of companies and government offices that used the company’s products. Microsoft’s President, Brad Smith, described the SolarWinds attack as “the largest and most sophisticated attack the world has ever seen.”
One theory that has had some traction for a while now is that the attack was orchestrated by a Russian intelligence agency, but so far Russia has denied any part in it. The lack of concrete evidence as of now also makes it harder to take meaningful steps on any allegation.