Microsoft Says Russia-Based Hackers Launch New Cyberattack Through U.S. Aid Agency E-Mail

May 28, 2021 05:20 GMT – By RFE/RL

Russian hackers have launched a new assault on government agencies and think tanks using an e-mail marketing account of the U.S. Agency for International Development (USAID), Microsoft said on May 27.

The “wave of attacks” targeted about 3,000 e-mail accounts at more than 150 different organizations, Microsoft Vice President Tom Burt said in a blog post.

At least a quarter of the organizations are involved in international development and humanitarian and human rights work, and the targeted victims are in at least 24 countries, Burt said, without saying whether any of the attempts led to successful intrusions.

He said many of the attacks targeting Microsoft customers were blocked automatically and that the company is in the process of notifying all customers who were targeted.

The discovery of the cyberattack comes only three weeks before President Joe Biden is scheduled to meet Russian President Vladimir Putin in Geneva and at a moment of heightened tensions between the two nations over issues including the SolarWinds cyberattack on U.S. computers discovered in December, as well as the military threats to Ukraine and Russia’s treatment of jailed opposition activist Aleksei Navalny.

Biden announced sanctions on Russia and the expulsion of diplomats last month in response to the SolarWinds cyberattack.

Burt said the hacking group Nobelium, originating from Russia, is behind the latest attacks and is the same actor behind the attack on SolarWinds customers.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt said.

The hackers gained access to USAID’s account at an e-mail marketing service, Microsoft said. The marketing service then sent out authentic-looking phishing e-mails dated May 25 that included a link to malware designed to allow the hackers to “achieve persistent access to compromised machines.”

Microsoft said in a separate blog post that the newly discovered campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass mailings that occurred this week.

While the SolarWinds hacking operation was stealthy and went on for most of 2020 before being detected, the more recent assault was easier to detect.

Burt said nation-state cyberattacks are not slowing and that the world needs rules governing nation-state conduct in cyberspace.

“This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives,” Burt said.

The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR) for the SolarWinds hack, which compromised nine U.S. federal agencies and hundreds of private sector companies.

This month, Russia’s spy chief denied responsibility for the SolarWinds cyberattack but said he was “flattered” by the accusations that Russian foreign intelligence was behind such a sophisticated hack.


  • Putin smells blood in the water so I fear there will be maximum pressure on his new American president to appease and capitulate in all matters. Meanwhile, poor old Joe will have his hands full remembering what flavor ice cream he likes.

    Liked by 2 people

  • “Burt said nation-state cyberattacks are not slowing and that the world needs rules governing nation-state conduct in cyberspace.”

    You don’t need rules, you need to stop using Microsoft. Don’t blame the thief if you leave your door open, only to find all your valuables have disappeared overnight.

    Liked by 3 people

    • I agree with you but I think you underestimate the hackers too. If they really want to get into something a terrorist state like Putin’s will send hundreds of hackers to dismantle networks. I’m no expert but it seems nothing could stop that.
      I agree there should be rules and there should be digital trails that cybernetic forensic researchers could follow. Fingerprints if you will. That’s the future, we can’t have some demented smart asses shutting down power grids. If a nation-state does it then its understood as an act of war. Like this latest case, the US should be entitled to respond…strongly…and not depend on some habitual liars covering for the hackers.

      Liked by 1 person

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.