The Microsoft Threat Intelligence Center (MSTIC) has discovered that the Russian-backed hackers behind the SolarWinds supply-chain attack are now coordinating an ongoing phishing campaign targeting government agencies worldwide.

The latest attack by the group named ‘Nobelium’ has targeted around 3,000 email accounts across 150 organizations.

“While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organisations were involved in international development, humanitarian, and human rights work,” said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.

The threat actors behind these attacks sent the phishing emails using USAID’s compromised Constant Contact account.

The campaign started in January 2021, and it slowly turned into a series of attacks culminating with this week’s USAID-themed phishing wave.

Buy Me A Coffee
Nobelium spear-phishing email (Volexity)

Cybersecurity company Volexity also published a report linking this phishing campaign with Russian Foreign Intelligence Service (SVR) operators (tracked as APT29, Cozy Bear, and The Dukes) based on tactics previously used in attacks going back to 2018.

AMD Investigates Alleged Data Breach, Stolen Company Data Claims Emerge