Microsoft cybersecurity researchers have found evidence of a malicious large-scale spear-phishing email campaign that they believe is operated by the same threat actors who were behind the SolarWinds supply chain attack.
Researchers at Microsoft’s Threat Intelligence Center (MSTIC) believe that the threat actor known as Nobelium is once again targeting government agencies, think tanks, consultants, and non-governmental organizations via the new campaign.
Notably, the researchers add that prima facie evidence suggests that the latest Nobelium campaign “differs significantly” from the one that involved the compromise of the SolarWinds Orion platform.
“It is likely that these observations represent changes in the actor’s tradecraft and possible experimentation following widespread disclosures of previous incidents,” writes MSTIC in a post detailing the new campaign.
The researchers add that as this is an ongoing campaign, it’s possible that MSTIC’s observations might change over time.
According to the post, the new campaign leverages the legitimate Constant Contact service to send malicious links that were obscured behind the mailing service’s URL.
MSTIC's tracking has revealed that Nobelium began by breaking into an email marketing account used by the United States Agency for International Development (USAID) and then used it to launch the phishing attacks on other organizations.
The latest campaign targets approximately 3000 individual accounts across more than 150 organizations. MSTIC researchers note that the actors employ “an established pattern of using unique infrastructure and tooling for each target,” which also enables them to fly under the radar for a long time.