Cybersecurity firm Volexity, which also tracked the campaign but has less insight into email systems than Microsoft, said in a post that the relatively low detection rates of the phishing emails suggest the attacker “has likely had some success in violating targets.”
Burt said the campaign was a continuation of the multiple efforts of Russian hackers to “target foreign policy agencies” as part of intelligence gathering. He said the targets included at least 24 countries.
The hackers gained access to USAID’s account with Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails, dated May 25, purported to contain new information on election fraud incidents in 2020 and carried a link to malware that allows hackers “permanent access to compromised computers.”
Microsoft said in a separate blog post that the campaign is ongoing and evolved from multiple waves of spear phishing campaigns that were first spotted in January and escalated to this week’s mass mailings.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks, as well as at least nine U.S. government agencies, was extremely clandestine and lasted for much of 2020 before it was discovered by cybersecurity firm FireEye in December, this campaign is what cybersecurity researchers call loud: easy to recognize.
Microsoft identified the two mass distribution methods used: the SolarWinds hack took advantage of the software update supply chain from a trusted technology provider, while this campaign piggybacked on a mass email provider.
With both methods, the hackers undermine trust in the technology ecosystem.