Microsoft: SolarWinds hackers target 150 orgs with phishing

BOSTON (AP) — The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft says.

The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

It did not say what portion of the attempts may have led to successful intrusions but said many of those targeting Microsoft customers were blocked automatically. “We're also in the process of notifying all of our customers who have been targeted,” Burt said.

The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

Separately, the prominent cybersecurity firm FireEye said it has been tracking “multiple waves” of related spear-phishing by the hackers from Russia's SVR foreign intelligence agency since March — preceding the USAID campaign — that used a variety of lures including diplomatic notes and invitations from embassies.

The hackers gained access to USAID's account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking...