Just weeks after the U.S. announced sanctions against technology companies suspected of supporting Russian operations, a new espionage effort was launched in the United States. On Friday, May 28, Microsoft revealed that the group it calls Nobelium, which Joe Biden’s administration has accused of being close to Russian intelligence, had targeted about 150 different organizations.
According to the American company, the hackers sent malicious emails to more than 3,000 email addresses linked to NGOs or human rights organizations. But the way these emails were sent was most worrying: the hackers were able to impersonate USAID, the United States Agency for International Development, by breaking into the system the agency uses for internal messaging.
The group behind the SolarWinds operation
“The actor was able to send phishing emails that look real, but contain a link that, if clicked, contains a malicious file,” Microsoft explains in a blog post on this attack. The software created a backdoor on its victims’ computers that can be used to install more malicious tools, erase data, or, as Microsoft has pointed out, “infect other computers on a computer network”.
According to the American company, this malicious Nobelium email campaign was launched in January, but by May 25 the group had begun to use more sophisticated methods and was able to break into a system run by Constant Contact, a marketing firm. This allowed it to send emails masquerading as USAID.
Microsoft attributes this new espionage attempt to a group it calls Nobelium. Until December, the same hackers were able to carry out one of the most innovative espionage operations of recent times: Nobelium was able to compromise SolarWinds, an American technology company that sells software to many users.
The hackers took control of software called Orion by releasing a malicious update to Orion from SolarWinds’ systems. This sophisticated method later gave Nobelium backdoor access to the computer systems of all customers who installed the update. Although the number of victims who installed the affected version of Orion is uncertain, the White House has reported more than 16,000 entities, and several prominent government and technology actors in the United States were targeted by the operation.
In April, Joe Biden’s government accused Russia of being behind the spying, naming APT29, a hacker group also known as Cozy Bear and known to be close to the Russian Foreign Intelligence Service (SVR). At the same time, the White House announced economic sanctions targeting six Russian technology companies accused of supporting Russian intelligence cyber activities.
The latest action revealed by Microsoft shows that diplomatic and economic sanctions have not deterred hackers from continuing their activities, especially in the United States.