According to initial findings, the hackers used a marketing email account belonging to the US development aid agency USAID. In this way they managed to gain access to the internal networks of organizations that are considered critical of the government.
The authentic-looking emails, dated May 25, claimed to contain information on allegations of fraud in relation to the US election last year. They reportedly contained a link to malware that gives the hackers permanent access to the infected devices. The attack is ongoing, and those affected are being informed.
According to Burt, the attack affects around 3,000 email accounts at more than 150 different organizations in at least 24 countries. At least a quarter of the attacked organizations are active in the areas of international development, humanitarian work or human rights.
The cyber security company Volexity also reported on the attack. The phishing emails are relatively rarely detected by protection programs, which suggests that the attacker is likely to have been partially successful.
At the time, Microsoft President Brad Smith described the SolarWinds case as “the largest and most sophisticated attack the world has ever seen”. Back then, up to 18,000 SolarWinds customers downloaded the compromised software update, which hackers could use to spy on companies and agencies for almost nine months. Russia has so far denied any responsibility for the attack.
Originally published at https://www.tehnologijaviews.xyz.