Nobelium: Hacking group behind massive SolarWinds attack has struck again, Microsoft says

The latest headlines from our reporters across the US sent straight to your inbox each weekday

Your briefing on the latest headlines from across the US

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

The Russian hacking group suspected of carrying out last year's massive SolarWinds hack has reportedly carried out a second attack.

Microsoft published a blog post on Thursday saying the group, called Nobelium, had targeted more than 150 organisations across the world last week. Its targets included government agencies, think tanks, and nongovernmental organisations.

The software company said the hackers sent phishing emails – which are meant to trick users into clicking on them before offloading malicious software onto a target device – to more than 3,000 email accounts.

A Microsoft spokesman said the organisations targeted primarily deal with international development or humanitarian and human rights work.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Tom Burt, Microsoft's corporate vice president of customer security and trust, said.

The attacks affected organisations in at least 24 countries, though the US received the bulk of the attacks.

Last month, the US government laid blame for the SolarWinds hack on Russia's SVR, the successor agency to the Soviet-era KGB.

The Kremlin has predictably denied any knowledge or involvement in the cyberattacks, and has demanded that Microsoft prove that Russia is somehow connected to the hacks.

Despite denying any involvement, Russia’s spy chief said he was “flattered” that the US and UK were suggesting his operatives were behind the highly sophisticated attacks.

Nobelium reportedly gained access to a US Agency for International Development email marketing list, which is maintained on a platform called Constant Contact.

The hackers used USAID's list to send out its thousands of phishing emails.

A spokesperson for Constant Contact told CNBC that the company was aware of the attack.

“This is an isolated incident, and we have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement,” they said.

Microsoft President Brad Smith described the attacks as “the largest and most sophisticated attack the world has ever seen.”

The breach is the latest hack to make national headlines.

In addition to the SolarWinds attacks last year, a cyberattack from a group called DarkSide sparked gas shortages in the US after it compromised the networks of Colonial Pipeline, which provides fuel to almost half of the East Coast.