Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Axios on your phone

Get breaking news and scoops on the go with the Axios app.

Download for free.

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Russian President Vladimir Putin during a video message to the Russian Congress on May 27. Photo: Sergei Ilyin/AFP via Getty Image

The same Russian hackers behind the massive SolarWinds breach have launched a new wave of cyberattacks targeting government agencies, think tanks, consultants and NGOs, Microsoft disclosed late Thursday night.

Why it matters: The revelation of the ongoing attack comes less than two months after the U.S. imposed sanctions and expelled Russian diplomats in response to the SolarWinds hack, described by Microsoft as the "most sophisticated attack the world has ever seen."

  • The new breach was discovered just weeks before President Biden is set to hold his first in-person summit with Russian President Vladimir Putin in Geneva, and comes on the heels of other Russian-backed cyber espionage campaigns.

Microsoft said the hacking group Nobelium, which is linked to Russia’s main intelligence agency, was behind the attack.

  • The Kremlin-linked hacking group took control of a U.S. Agency for International Development account and sent legitimate-looking emails containing malicious files to international human rights groups and humanitarian organizations, according to Microsoft.
  • Microsoft, which monitors for malicious activity on the internet, said this attack "differs significantly" from the SolarWinds breach, with the hackers appearing to use newer tools and tradecraft.

How it works: Nobelium gained access to USAID's Constant Contact email marketing account, allowing the group to send malicious emails that appeared to come from genuine government addresses to 3,000 emails across more than 150 organizations.

  • The emails contained a "backdoor" through which the hacks could steal data and infect other computers on a network. Some of the emails were flagged by automated email threat detection systems, but some may have been successfully delivered.
  • Many of the organizations targeted have been critical of Putin and have revealed and condemned Russian action against dissidents, including the poisoning and jailing of opposition leader, Alexei Navalny, according to the New York Times.
An example of a phishing email meant to resemble a legitimate email from USAID. Screenshot: Microsoft

What they're saying: A spokesperson for the Cybersecurity and Infrastructure Security Agency told the Times Thursday that the agency was “aware of the potential compromise, and that it was working with USAID and the FBI "to better understand the extent of the compromise and assist potential victims.”

  • "First, when coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers," Tom Burt, a Microsoft vice president, wrote in a blog post Thursday.
  • "By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem," Burt added.
  • “At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work."

The big picture: The attack suggests Russia is not slowing its hacking campaigns against the U.S. government and U.S.-based companies, despite new sanctions.

Go deeper

Microsoft identifies new Russian cyberattack on rights groups

Illustration: Aïda Amer/Axios

The same Russia-based "threat actor" responsible for last winter's Solarwinds attack is at it again, according to a Microsoft report posted late Thursday — this time, targeting human rights and international aid groups.

By the numbers: The attackers, whom Microsoft refers to as Nobelium, targeted roughly 3000 email accounts at 150 organizations in 24 countries, including "government agencies, think tanks, consultants, and non-governmental organizations." The largest share of attacks hit U.S. organizations.

44 mins ago - Sports

Axios AM Deep Dive: The Covid Olympics

Illustration: Annelise Capossela/Axios

Welcome to our Axios AM Deep Dive behind the scenes of the Tokyo Olympics detailing the impact of the COVID pandemic, led by Ina Fried, who's on the ground in Tokyo, plus Kendall Baker, who's covering the Games every day in his Axios Sports newsletter.

Firefighters end search for bodies at Surfside

A picture in the memorial that has photographs of some of the victims from the partially collapsed 12-story Champlain Towers South condo building on July 15 in Surfside, Florida. Photo by Joe Raedle/Getty Images

Firefighters on Friday concluded their search for bodies at the site of the June 24 collapse of the Champlain Towers South condominium in Surfside, Florida.

Driving the news: 97 people were killed and one woman, Estelle Hedaya, remains missing.