May 27, 2021 - Technology

Microsoft identifies new Russian cyberattack on rights groups

Illustration of a giant cursor piercing a laptop screen.

Illustration: Aïda Amer/Axios

The same Russia-based "threat actor" responsible for last winter's Solarwinds attack is at it again, according to a Microsoft report posted late Thursday — this time, targeting human rights and international aid groups.

By the numbers: The attackers, whom Microsoft refers to as Nobelium, targeted roughly 3000 email accounts at 150 organizations in 24 countries, including "government agencies, think tanks, consultants, and non-governmental organizations." The largest share of attacks hit U.S. organizations.

"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," a post by Tom Burt, Microsoft's corporate vice president, customer security and trust, said.

How it worked: Nobelium broke into an email marketing account used by USAID and from there launched phishing attacks on many other organizations, according to Microsoft.

The big picture: "This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives," Microsoft's post said.

Go deeper