The SolarWinds hackers are at it again.
And they’re weaponizing Donald Trump’s Big Lie to carry out their attacks.
Microsoft is warning of a new “sophisticated” email attack it has uncovered from Nobelium, the Russia-linked actors behind last year’s massive SolarWinds hack. The 2020 attack on the software vendor is considered to be one of the worst data breaches ever.
The new attack, according to the Microsoft Threat Intelligence Center, targets U.S. government agencies, military, IT service providers, think tanks, NGOs, telecommunications companies, and health technology and research organizations.
Nobelium has been successful with its latest attack. According to Microsoft, the hackers were able to access the U.S. Agency for International Development’s (USAID) Constant Contact account. Constant Contact is an email marketing service used to send out mass email blasts and newsletters.
Once the hackers accessed the agency’s email marketing account, they began sending phishing emails created to look like official documents from the U.S. government.
The purpose of these phishing emails is to trick those who receive them into clicking a link provided in the email. Once the unsuspecting target clicks the link, hackers can then try to access a user’s sensitive data, such as usernames and passwords. The bad actors can also attempt to infect the target’s computer with software that can pull this private information.
A screenshot of one of these emails was provided by Microsoft.
“USAID Special Alert,” begins the phishing email. “Donald Trump has published new documents on election fraud.”
When someone clicked through the link to view the purported documents, malware would be installed on their computer instead. From there, hackers could access the data on the device and further infect other computers on the same network.
Former U.S. President Donald Trump has insisted that he only lost the presidential election in November due to election fraud. There has never been any evidence presented that proves this, although it is fervently supported by right-wing conspiracy theorists. The false claim has come to be known as Trump’s Big Lie.
A spokesperson for Constant Contact told The Verge that they are aware of the breach of USAID’s account. The company says it is an “isolated incident.”
The Department of Homeland Security says it is aware of the information provided by Microsoft. According to Bloomberg, the U.S. government is pointing the blame at Russia’s foreign intelligence service, although Russian President Vladimir Putin has denied involvement.
Nobelium was able to breach the U.S. Treasury and Commerce Departments in the SolarWinds hack last year. The “highly sophisticated” attacks were able to access the agencies’ Microsoft Office 365 accounts. In all, as many as 18,000 SolarWinds customers were affected, including 100 private companies and nine U.S. government agencies.