Microsoft warns of new hack by group behind SolarWinds attack

CNBC Television published this video item, entitled “Microsoft warns of new hack by group behind SolarWinds attack” – below is their description.

CNBC’s Eamon Javers reports on the details of the latest hack by the group behind the SolarWinds attack. For access to live and exclusive video from CNBC subscribe to CNBC PRO: https://cnb.cx/2NGeIvi

The Russian hackers thought to be behind the catastrophic SolarWinds attack last year have launched another major cyberattack, Microsoft warned three weeks before President Joe Biden is to meet with Russian President Vladimir Putin.

Microsoft said in a blog post Thursday that the hacking group, known as Nobelium, had targeted over 150 organizations worldwide in the last week, including government agencies, think tanks, consultants and nongovernmental organizations.

They sent phishing emails — spoof messages designed to trick people into handing over sensitive information or downloading harmful software — to more than 3,000 email accounts, the tech giant said.

At least 25% of the targeted organizations are involved in international development, humanitarian and human rights work, said Tom Burt, Microsoft’s corporate vice president of customer security and trust.

“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Burt said.

Organizations in at least 24 countries were targeted, Microsoft said, with the U.S. receiving the largest share of attacks.

The breach has been discovered three weeks before the Biden-Putin summit in Geneva on June 16.

It also comes a month after the U.S. government explicitly said that the SolarWinds hack was carried out by Russia’s SVR, a successor to the foreign spying operations of the Soviet KGB.

The Kremlin said Friday it does not have any information on the cyberattack and that Microsoft needs to answer more questions, including how the attack is linked to Russia, Reuters reported. The Kremlin did not immediately respond to CNBC’s request for comment.

The hack explained

Microsoft said Nobelium gained access to an email marketing account used by the U.S Agency for International Development, the federal government’s aid agency. The account is held on a platform called Constant Contact.

Burt said Nobelium used the account to “distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file.”

The file contains a backdoor that Microsoft calls NativeZone, which can “enable a wide range of activities from stealing data to infecting other computers on a network,” according to Burt, who said Microsoft is in the process of notifying customers who have been targeted.

USAID said a forensic investigation into the breach is ongoing.

“The U.S. Agency for International Development became aware of potentially malicious email activity from a compromised Constant Contact email marketing account,” a USAID spokesperson said in a statement shared with CNBC. “The forensic investigation into this security incident is ongoing. USAID has notified and is working with all appropriate Federal authorities, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.”

A spokesperson for Constant Contact told CNBC the company is aware that the account credentials of one its customers were compromised and used by a malicious actor to access the customer’s Constant Contact accounts.

“This is an isolated incident, and we have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement,” they said.

A CISA spokesperson told CNBC the agency is aware of the the potential compromise and that it was working with the FBI and USAID to better understand the extent of what’s happened.

Steve Forbes, a government cybersecurity expert at domain name manager Nominet, outlined the dangers of these types of hacks.

» Subscribe to CNBC TV: https://cnb.cx/SubscribeCNBCtelevision

» Subscribe to CNBC: https://cnb.cx/SubscribeCNBC

» Subscribe to CNBC Classic: https://cnb.cx/SubscribeCNBCclassic

Turn to CNBC TV for the latest stock market news and analysis. From market futures to live price updates CNBC is the leader in business news worldwide.

The News with Shepard Smith is CNBC’s daily news podcast providing deep, non-partisan coverage and perspective on the day’s most important stories. Available to listen by 8:30pm ET / 5:30pm PT daily beginning September 30: https://www.cnbc.com/2020/09/29/the-news-with-shepard-smith-podcast.html?__source=youtube%7Cshepsmith%7Cpodcast

Connect with CNBC News Online

Get the latest news: http://www.cnbc.com/

Follow CNBC on LinkedIn: https://cnb.cx/LinkedInCNBC

Follow CNBC News on Facebook: https://cnb.cx/LikeCNBC

Follow CNBC News on Twitter: https://cnb.cx/FollowCNBC

Follow CNBC News on Instagram: https://cnb.cx/InstagramCNBC

https://www.cnbc.com/select/best-credit-cards/

#CNBC

#CNBCTV

CNBC Television YouTube Channel

Got a comment? Leave your thoughts in the comments section, below. Please note comments are moderated before publication.


About This Source - CNBC Television

CNBC is an American pay television business news channel, which primarily carries business day coverage of U.S. and international financial markets. Following the end of the business day and on non-trading days, CNBC primarily carries financial and business-themed documentaries and reality shows.

As of February 2015, CNBC is available to approximately 93,623,000 pay television households (80.4% of households with television) in the United States.

Recent from CNBC Television:

The narrative behind big tech is 'very strong', they are must own stocks, says laffer tengler ceo 1

The narrative behind Big Tech is ‘very strong’, they are must own stocks, says Laffer Tengler CEO

The Biden campaign can’t fix messaging around age, says Mick Mulvaney

Last Call panel weighs in on Sports Illustrated laying off entire staff

In This Story: FBI

The Federal Bureau of Investigation is the domestic intelligence and security service of the United States and its principal federal law enforcement agency.

1 Recent Items: FBI

‘ALARMING’: Jan 6 is the FBI’s number one priority, says former FBI agent

In This Story: Forbes

Forbes is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. Forbes also reports on related subjects such as technology, communications, science, politics, and law.

2 Recent Items: Forbes

The Significance of Spot Bitcoin ETFs Arriving in the US

The Significance of Spot Bitcoin ETFs Arriving in the US

In This Story: Joe Biden

Joe Biden is an American politician serving as the 46th and current president of the United States. A member of the Democratic Party, he served as the 47th vice president from 2009 to 2017 under Barack Obama and represented Delaware in the United States Senate from 1973 to 2009.

He is married to Dr Jill Biden.

Books by Joe Biden #Ad

6 Recent Items: Joe Biden

Biden-Netanyahu talks: US maintains stance on two-state solution

Does it matter how young or old our politicians are?

Biden says he’s ready for ‘massive changes’ at border

U.S. launches new strikes against Iran-backed militia

President Joe Biden meets with mayors

Congress Approves Funding to Avert US Government Shutdown

In This Story: Microsoft

Microsoft Corporation (NASDAQ: MSFT) is an American multinational technology company with headquarters in Redmond, Washington. It develops, manufactures, licenses, supports, and sells computer software, consumer electronics, personal computers, and related services.

4 Recent Items: Microsoft

Analyst expects ‘more materiality’ on Microsoft’s AI growth

Where to Eat and Drink at the World Economic Forum in Davos

Kerry Praises Biden, Says He’ll Help 2024 Re-Election Campaign

Microsoft CEO Nadella on AI Wave and Tech in 2024

Leave a Comment

We don't require your email address, or your name, for anyone to leave a comment. If you do add an email address, you may be notified if there are replies to your comment - we won't use it for any other purpose. Please make respectful comments, which add value, and avoid personal attacks on others. Links are not allowed in comments - 99% of spam comments, attempt to post links. Please describe where people may find additional information - for example "visit the UN website" or "search Google for..." rather than posting a link. Comments failing to adhere to these guidelines will not be published.