White House cyber security official warns of continued fallout from the SolarWinds hack. Anne Neuberger says while “the remediation, the fix and cleanup work is underway already,” roughly 18,000 companies had downloaded the malicious software. (Feb. 17) AP Domestic

Hackers with suspected ties to the Russian government launched new assaults on human rights groups and government agencies, including email accounts used by the State Department’s international aid agency, Microsoft revealed late Thursday. 

Microsoft Vice President Tom Burt disclosed the breach in a blog post, saying the “wave of attacks” targeted about 3,000 email accounts across 24 countries, at more than 150 organizations involved in international development and humanitarian work.

The U.S. received the largest share of attacks, Burt said. 

The discovery of the cyberattack comes just a few weeks before President Joe Biden is due to meet with Russia’s President Vladimir Putin at a summit in Geneva and adds to the growing list of complaints Biden is likely to bring up with Putin in Switzerland. 

What is Nobelium?

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt, who is Microsoft’s vice president of customer security and trust, wrote in the post.

Microsoft said Nobelium is the same group responsible for the SolarWinds hack, a sweeping cyberattack that compromised at least half a dozen U.S. federal agencies including the Department of Homeland Security and Energy Department, as well as thousands of companies in the private sector. U.S. intelligence agencies believe the SolarWinds hack is the work of SVR, Russia’s Foreign Intelligence Service.  

Biden last month expelled Russian diplomats and announced new sanctions on Russia in retaliation for the massive SolarWinds hacking operation, which began in early 2020 but was only discovered in December that same year. GCHQ, Britain’s National Cyber Security Centre, also believes the Kremlin was likely behind the SolarWinds breach. 

Russia denies any involvement in the SolarWinds hack, but SVR director Sergei Naryshkin said in mid-May that he was “flattered” by the accusations from Washington and London. Russia has not commented on the new Nobelium hacking allegations.  

Microsoft did not disclose whether the new breach by Nobelium was ultimately successful. However, it said the cyberattack operation involved sending phishing emails made to resemble legitimate ones, but engineered to deliver harmful files.  

The assault appeared largely aimed at U.S. and international humanitarian think tanks, consultancies and agencies who have been critical of Russia’s crackdown on democracy activists such as Alexey Navalny, who was jailed in Russia in February for breaking parole conditions despite being in Germany where he was receiving treatment for poisoning with a Russian-made military grade nerve agent called Novichok.

Phishing attempt included Trump ‘election fraud’ emails as lure

In one example of the attempted phishing breach highlighted by Microsoft, an email that appears to originate from a USAID email account claims that “Donald Trump has published new emails on election fraud.” If the recipient of that email were to click on the link supplied it would place malicious files on the user’s computer, Microsoft said. 

The technology giant said Nobelium was able to launch the new assault after gaining access to an email marketing service used by USAID, or the United States Agency for International Development. USAID is the main American government agency responsible for delivering foreign civilian aid and development assistance. It is an independent agency, but formally administered by the State Department. 

USAID’s acting spokesperson Pooja Jhunjhunwala said the agency was “aware of potentially malicious email activity” and that a “forensic investigation into this security incident is ongoing.” The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, could not immediately be reached for comment.

The White House has not commented. 

Terry Thompson, an expert in cybersecurity at Johns Hopkins University, described the suspected state-sponsored SolarWinds hack as “one of the most devastating cyberattacks in history.” But the U.S. has also been contending with what appears to be increasingly bold assaults from private Russia-based cyberattack gangs. 

The FBI believes, for example, that the main culprit of a ransomware attack called DarkSide that in early May shut down Colonial Pipeline, the U.S.’s largest fuel pipeline, is a Russian cybercriminal network that operates by the same name.

Hackers hit hundreds of critical systems last year and watchdogs say we’re not doing enough to head off more. USA TODAY

Biden-Putin meeting: Add this to the list?

The scheduled June 16 face-to-face encounter between Biden and Putin in Switzerland will take place against the backdrop of a long, tense relationship between Washington and Moscow that is off to a rocky start under the Biden administration.

White House press secretary Jen Psaki said no formal preconditions or talking points have been set for the meeting. However, in addition to allegations over the Kremlin’s tacit or explicit endorsement of hacking attacks, the agenda will almost certainly extend to Russia’s territorial aggressions in neighboring Ukraine, a forced diversion this week of a Lithuania-bound commercial flight by Russian-ally Belarus so that the latter could arrest a dissident-journalist, and Navalny’s ongoing detention.

The White House confirms President Joe Biden will meet next month with Russian President Vladimir Putin in Switzerland at the tail end of his first international trip. Press secretary Jen Psaki insists the meeting is in no way a reward to Putin. (May 25) AP Domestic

The summit is likely also to touch on Russia’s work on a gas pipeline called Nord Stream 2 that the U.S. has determined is a threat to European energy security, efforts by both nations to stem the coronavirus pandemic, and assessments by U.S. intelligence agencies that Russia is the main suspect in connection with a group of U.S. diplomats and government employees suffering from “Havana Syndrome,” a mysterious neurological condition whose symptoms include headaches, tinnitus and balance issues.

The syndrome, potentially the result of directed microwave energy that could be part of a futuristic weapon possibly under development by Russia, was first discovered at the U.S. embassy in Cuba in 2018. Russia adamantly denies any involvement. Unexplained illnesses connected to the syndrome have since expanded to U.S. government workers and their families in China, Western Europe and even in the U.S. 
