
U.S.: Latest Russian hack mostly blocked

Officials downplay cyberattack as ‘basic phishing’ aimed at U.S., foreign agencies

By Associated Press
Published: May 29, 2021, 12:41pm

WASHINGTON — The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month’s planned presidential summit.

Officials downplayed the cyber assault as “basic phishing” in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups. Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam.

As of Friday afternoon, the company said it was “not seeing evidence of any significant number of compromised organizations at this time.”

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter.

“I don’t think it’ll create a new point of tension because the point of tension is already so big,” said James Lewis, a senior vice president at the Center for Strategic and International Studies. “This clearly has to be on the summit agenda. The president has to lay down some markers” to make clear “that the days when you people could do whatever you want are over.”

The summit comes amid simmering tensions driven in part by election interference by Moscow and by a massive breach of U.S. government agencies and private corporations by Russian elite cyber spies who infected the software supply chain with malicious code. The U.S. responded with sanctions last month, prompting the Kremlin to warn of retribution.

Asked Friday whether the latest hacking effort would affect the Biden-Putin summit, principal deputy press secretary Karine Jean-Pierre said, “We’re going to move forward with that.”

The U.S., which has previously called out Russia or criminal groups based there for hacking operations, did not blame anyone for the latest incident. Microsoft attributed it to the group behind the SolarWinds campaign, in which at least nine federal agencies and dozens of private sector companies were breached through a contaminated software update.


In this case, hackers gained access to an email marketing account of the U.S. Agency for International Development and, masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations. At least a quarter of them were involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

The company did not say what portion of the attempts may have led to successful intrusions but said in a separate technical blog post that most were blocked by automated systems that marked them as spam. The White House said even if an email eluded those systems, a user would still have to click on the link to activate the malicious payload.

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

Separately, the prominent cybersecurity firm FireEye said it has been tracking “multiple waves” of related spear-phishing by hackers from Russia’s SVR foreign intelligence agency since March — preceding the USAID campaign — that used a variety of lures including diplomatic notes and invitations from embassies.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said the campaign is ongoing and built on escalating spear-phishing campaigns it first detected in January.

USAID spokeswoman Pooja Jhunjhunwala said Friday that it was investigating with the help of the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident.”

While the SolarWinds campaign was supremely stealthy and began as far back as 2019 before being detected in December by FireEye, this campaign is what cybersecurity researchers call noisy, meaning easy to detect.

And though “the spear phishing emails were quickly identified, we expect that any post-compromise actions by these actors would be highly skilled and stealthy,” FireEye’s VP of analysis, John Hultquist, said in a statement Friday.
