3,000 US government email accounts under attack


A Russian hacker group behind the SolarWinds spy campaign has launched a new wave of global cyberattacks and hijacked an email system. According to Microsoft, 3,000 US government email accounts in 150 agencies were affected by the attack. The "active attack" covers at least 24 countries.

John Hultquist, Vice President of Analysis, Mandiant Threat Intelligence at FireEye, the market leader in intelligence-based security solutions, comments on the latest findings on the attacks: “FireEye has tracked several waves of similar spear phishing emails sent since March 2021. In addition to the USAID content, a variety of lures, such as diplomatic communications and embassy invitations, were used. All of these actions focused on governments, think tanks and similar organizations that have traditionally been targets of SVR actions.

Successor to the SolarWinds attack

John Hultquist, Vice President of Analysis, Mandiant Threat Intelligence at FireEye. (Source: FireEye)

Although the SolarWinds attack was significant due to its malice and careful execution, conspicuous and widespread spear phishing attacks have long been the flagship of the SVR, which often carried out suspicious phishing campaigns. These actions were often effective, including access to key government agencies. Although the spear phishing emails were quickly identified, we believe that the attacks by these actors are very sophisticated and covert once they have been compromised.

Recent activity appears to have picked up just as supply chain-based compromises decreased. Given the audacity of this incident, the SVR appears unwilling to curb its cyber espionage activities, let alone go to great lengths to hide new activities. Rather, this incident reminds us that cyber espionage will continue in the future.”



About Trellix

Trellix is a global company redefining the future of cybersecurity. The company's open and native Extended Detection and Response (XDR) platform helps organizations facing today's most advanced threats gain confidence that their operations are protected and resilient. Trellix security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to support over 40,000 business and government customers.


 
