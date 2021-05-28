



Hackers linked to Russia’s main intelligence agency surreptitiously took over an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations that have criticized President Vladimir V. Putin, Microsoft disclosed on Thursday.

The discovery of the breach comes just three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a time of heightened tension between the two countries, in part because of a series of increasingly sophisticated cyberattacks emanating from Russia.

The newly exposed attack was also particularly bold: By breaching the systems of a provider used by the federal government, the hackers sent genuine-looking emails to more than 3,000 accounts at more than 150 organizations that regularly receive communications from the United States Agency for International Development. The emails were sent as recently as this week, and Microsoft said it believes the attacks are still underway.

The emails carried code that would give the hackers unrestricted access to the recipients’ computer systems, enabling anything from data theft to infecting other computers on a network, Tom Burt, a Microsoft vice president, wrote on Thursday evening.

Last month, Mr. Biden announced a series of new sanctions against Russia and the expulsion of diplomats in response to a sophisticated hacking operation, known as SolarWinds, that used novel methods to breach at least seven government agencies and hundreds of large American companies.

That attack went undetected by the United States government for nine months, until it was discovered by a cybersecurity company. In April, Mr. Biden said he could have responded much more forcefully but chose to be proportionate because he did not want to start a cycle of escalation and conflict with Russia.

The Russian response appears to have been to escalate, however. Malicious activity was underway as recently as this week, suggesting that the sanctions and the additional covert actions the White House has taken as part of a strategy to impose visible and invisible costs on Moscow have not dampened the Russian government’s appetite for disruption.

A spokesperson for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said on Thursday evening that the agency is aware of the potential compromise at the Agency for International Development and is working with the FBI and USAID to better understand the extent of the compromise and to assist potential victims.

Microsoft identified the Russian group behind the attack as Nobelium and said it was the same group responsible for the SolarWinds hack. Last month, the United States government explicitly attributed SolarWinds to the SVR, one of the most successful successor agencies of the Soviet-era KGB.

The same agency was involved in the 2016 hack of the Democratic National Committee and, before that, in attacks on the Pentagon, the White House email system and the State Department’s unclassified communications.

The agency has become increasingly aggressive and creative, federal officials and experts say. The SolarWinds attack was carried out through code embedded in network management software that the government and private companies use widely. When customers updated their SolarWinds software, much as an iPhone updates overnight, they were unwittingly letting in an intruder.

Among the victims last year were the departments of homeland security and energy, as well as nuclear laboratories.

When Mr. Biden took office, he ordered a study of the SolarWinds case, and officials have been working to prevent future supply chain attacks, in which adversaries compromise software used by federal agencies. Something similar happened in this case, when Microsoft’s security team caught the hackers using a widely used email service, provided by a company called Constant Contact, to send malicious emails that appeared to come from genuine Agency for International Development addresses.

Update: May 26, 2021, 9:17 p.m. ET

But the content was at times hardly subtle. In an email sent through the Constant Contact service on Tuesday, the hackers planted a message claiming that Donald Trump had published new emails about election fraud. The email contained a link that, when clicked, dropped malicious files onto the recipient’s computer.

Microsoft noted that the attack differed significantly from the SolarWinds hack, using new tools and tradecraft in an apparent effort to avoid detection. It said the attack was still ongoing and that the hackers continued to send spear-phishing emails with increasing speed and reach. That is why Microsoft took the unusual step of naming the agency whose email addresses were being abused and publishing samples of the fake emails.

Essentially, the Russians got into the International Development Agency’s email channel by going around the agency itself and attacking its software vendor. Constant Contact manages mass emails and other communications on behalf of aid agencies.

Nobelium launched this week’s attacks by gaining access to USAID’s Constant Contact account, Microsoft’s Mr. Burt wrote. Constant Contact could not be reached for comment.

Microsoft, like other large companies involved in cybersecurity, maintains an extensive network of sensors to look for malicious activity on the internet and is often a target itself. It was deeply involved in exposing the SolarWinds attack.

In this case, Microsoft reported, the hackers’ goal was not to attack the State Department or the aid agency, but to use their connections to get into groups working on the ground that, in many cases, rank among Mr. Putin’s most vocal critics.

At least a quarter of the organizations targeted were involved in international development, humanitarian work and human rights, Mr. Burt wrote. Although he did not name them, many such groups have exposed Russia’s actions against dissidents or have protested the poisoning, sentencing and imprisonment of Russia’s best-known opposition leader, Alexei A. Navalny.

The attack suggests that Russian intelligence agencies are stepping up their campaign, perhaps to demonstrate that the country will not back down in the face of sanctions, the expulsion of diplomats and other pressure.

Mr. Biden raised the SolarWinds attack with Mr. Putin during a phone call last month, telling him that the sanctions and expulsions were a demonstration that his administration would no longer tolerate an accelerating pace of cyber operations.

Mr. Putin has denied Russian involvement, and some Russian media outlets claimed that the United States launched the attack on itself.

At the time, the White House also imposed a series of new sanctions on Russian individuals and assets, including new restrictions on the purchase of Russian sovereign debt, which will make it harder for Russia to raise funds and support its currency.

This is the start of a new American campaign against Russian malicious behavior, Treasury Secretary Janet L. Yellen said at the time.

Tensions over Russia’s harboring of cybercriminals escalated sharply this month after a ransomware group held Colonial Pipeline’s business networks hostage. The attack forced the company to shut down a pipeline that carries nearly half of the gasoline, diesel and jet fuel to the East Coast, driving up gas prices and setting off panic buying at the pump.

Mr. Biden said two weeks ago that the United States was in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.

