Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency


Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds’ Orion software, has struck again, Microsoft vice president Tom Burt said in a blog post Thursday.

Burt’s post says the attacks saw Nobelium gain access to accounts on the email marketing service “Constant Contact” operated by the United States Agency for International Development (USAID).

Using Constant Contact, Nobelium sent malware-infused phishing emails that installed a backdoor, called NativeZone, capable of data exfiltration and spreading the malware across victim networks.

Source: The Register