SEATTLE, Wash. (NBC) – Microsoft is sounding the alarm that Russian hackers are ramping up cyber-aggression again, this time infiltrating the email system of an agency at the State Department and sending thousands of phishing emails. This comes just three weeks ahead of a high-stakes summit between the U.S. and Russia.
NBC national security analyst and former FBI Special Agent Clint Watts said, “What you are seeing the Russians doing is being creative in terms of techniques and using our own service and our own infrastructure for access and constantly innovative targets.”
Microsoft issued the warning overnight, calling it an “active incident.” This time, the target appears to be humanitarian organizations.
3,000 Microsoft email accounts across 150 organizations were compromised, mostly in the United States, after hackers got into an email system used by the State Department’s Agency for International Development.
USAID said it became aware of potentially malicious email activity from a compromised Constant Contact email marketing account. Watts explained, “This is because they’re trying to gain information or smear or malign those organizations all the time, so it fits the targeting pattern.”
A hacker group, “Nobelium,” believed to be run by Russia’s foreign intelligence service, sent special alert emails that were meant to look like they were from USAID.
Microsoft said it’s the same group behind the massive SolarWinds attack that hit government agencies and American companies last year and led to sanctions against Russia, put in place just last month.
Microsoft said it detected the attack, has blocked some actions automatically, and is notifying all customers who were targeted.