New (and big): Russia’s SVR has seized an email system used by the State Department’s international aid agency to send malicious emails to human rights groups and NGOs critical of Putin, with @SangerNYT discovered by @Microsoft https://t.co/fGe06pLetu
— Nicole Perlroth (@nicoleperlroth) May 28, 2021
Volexity researchers write about the same phishing email campaign as reported by Microsoft. They believe the APT29 threat actor is likely responsible for it. https://t.co/exlHsW1NiC pic.twitter.com/JoyF4ESpJH
— Virus Bulletin (@virusbtn) May 28, 2021
What we know about the latest Russian hacks that used @USAID emails to target more than 150 organizations, including human rights and humanitarian orgs, @Microsoft says. The same SVR hackers that carried out the SolarWinds breach are being blamed. https://t.co/XxZPVjmnYH pic.twitter.com/4kguHEqGF1
— Alexander Marquardt (@MarquardtA) May 28, 2021
NEW: Russian gov-linked hackers seized a @ConstantContact account used by @USAID & targeted thousands with malware, like human rights groups critical of Putin.
— John Scott-Railton (@jsrailton) May 28, 2021
Great to see @msstic & @MsftSecIntel rapidly & publicly attributing this. https://t.co/H7Kt04uFNR pic.twitter.com/CEcGJToneH
How many times do I need to say we’re at war with Russia. https://t.co/nDlcfb5Ec9
— Andrew C Laufer, Esq (@lauferlaw) May 28, 2021
Microsoft says hackers leveraged legit mass-mailing service Constant Contact in this campaign and that due to volume "automated email threat detection systems blocked most of the malicious emails and marked them as spam." https://t.co/JDunxh2IlJ
— Dustin Volz (@dnvolz) May 28, 2021
.@USAID acting spox says the “forensic investigation into this security incident is ongoing.”
— Jennifer Hansler (@jmhansler) May 28, 2021
“USAID has notified and is working with all appropriate Federal authorities, including (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA),” she says https://t.co/RooGvkej6U
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency - targeting NGOs and human rights activists https://t.co/JL2WQuO0Gj
— Peter Jukes (@peterjukes) May 28, 2021
New #sanctions aren’t enough. The US and our allies must act boldly to put a stop to the continued cyberwarfare being waged by #Russia, #China, and other adversaries. Far past time to put our offensive cyber capabilities to work. https://t.co/j00oG1EFga
— Dena Grayson, MD, PhD (@DrDenaGrayson) May 28, 2021
Technical details on the #Nobelium #nationstate attack from our #MSTIC team here: https://t.co/2uOVqR52Sn
— Cristin Goodwin (@CristinGoodwin) May 28, 2021
Microsoft says the same Russian hackers behind the SolarWinds campaign are at it again — this time targeting humanitarian orgs and others via USAID: https://t.co/wYSC3RL6zl
— Brian Fung (@b_fung) May 28, 2021
An unsettling detail:
— Hamza Shaban (@hshaban) May 28, 2021
The phishing emails tried to grab people's attention with a subject ripped from current events: “Donald Trump has published new documents on election fraud,” once again taking advantage of homegrown chaos and disinformation in the US https://t.co/5b6PsoZKOl
“Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020…Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID.” https://t.co/6Pv8dsNcLY
— Natasha Bertrand (@NatashaBertrand) May 28, 2021
Microsoft has released information on a widespread malicious email campaign carried out by a cyber actor they identify as NOBELIUM. See https://t.co/JFuPkqCp15 #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) May 28, 2021
One of the fake emails that appeared to originate from USAID included an authentic sender address. The email posed as a "special alert" that invited recipients to click on a link to "view documents" from former President Donald Trump on election fraud. https://t.co/SKwlZPqJ0B
— Kaitlan Collins (@kaitlancollins) May 28, 2021
This week the nation-state actor Nobelium launched cyberattacks targeting more than 150 organizations in at least 24 countries. These attacks are only escalating – gov’ts and the private sector must do more to address. https://t.co/pIG6PwTg46
— Brad Smith (@BradSmi) May 28, 2021
Microsoft says the hackers got in through Constant Contact, an email marketing tool used by USAID.
— Brian Fung (@b_fung) May 28, 2021
Constant Contact tells me it’s aware of an “isolated” incident in which one of its clients was compromised, and has “temporarily disabled the impacted accounts."
CSIS’s @james_a_lewis says this shows how the Russians are undeterred by recent US actions to hold the Kremlin accountable: "They aren't afraid of the US response. They are testing the new administration."
— Brian Fung (@b_fung) May 28, 2021
There are so many layers to the latest phishing campaign from NOBELIUM.
— Christopher Glyer (@cglyer) May 28, 2021
Let’s start with the breadth “3,000 individual accounts across more than 150 organizations”
And the techniques
URL -> ISO (don’t see that every day) -> LNK disguised as a folder -> Custom CS Beacon Loader https://t.co/5mWV88w7B1
Microsoft says in a security bulletin that the SolarWinds hackers are behind a new "wide-scale malicious email campaign" targeting 3,000 individual accounts across more than 150 organizations that used "unique infrastructure and tooling for each target." https://t.co/JDunxh2IlJ
— Dustin Volz (@dnvolz) May 28, 2021
Russian SolarWinds hackers launch new phishing campaign #DarkWeb #CyberSec #infosec #Security #cybercrime #ThreatIntel #hackers #dataprotection #privacy #cyberthreats #cyberattacks #cyberintelligence #digitalrisk #databreach #PhIshing https://t.co/vguKVdt3mW
— Jiniba (@JinibaBD) May 28, 2021
Putin wants a show-down with Biden: Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency https://t.co/F3Qerus4qA
— Frank Figliuzzi (@FrankFigliuzzi1) May 28, 2021
Wow. Between Putin's ally hijacking a plane of a US ally and now this, the agenda for the Biden-Putin summit just keeps growing. "Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency" https://t.co/PLCoig2PRn
— Michael McFaul (@McFaul) May 28, 2021
Not only don't they extend a hand but https://t.co/SSxSXoCAIp
— Olga Lautman (@OlgaNYC1211) May 28, 2021
This brazen cyberattack exposes Putin’s fears and systemic attempts to deter our critical development and humanitarian work. It will only increase our resolve to challenge his reckless authoritarian vision. https://t.co/kXfgBMEMJK
— Ed Markey (@SenMarkey) May 28, 2021
Maybe if we speak firmly to Putin he will stop. https://t.co/CW1tX3uBtI
— John Sipher (@john_sipher) May 28, 2021
Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible https://t.co/jg38QTp4t7
— Yamiche Alcindor (@Yamiche) May 28, 2021
“Hackers linked to Russian intelligence...seized an email system used by the US government’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of...Putin”
— Leah McElrath (@leahmcelrath) May 28, 2021
https://t.co/fu6AXDyD9r
Another attack by Russian hackers on our agencies. Putin's gift to Biden ahead of the summit. Maybe now people can understand why I have been speaking out against this ridiculous summit/NS2 waivers. Putin will continue escalating because he sees weakness
— Olga Lautman (@OlgaNYC1211) May 28, 2021
https://t.co/iDTNCgY2vT
Wow. Hackers linked to Russia’s main intelligence agency seized an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations that have been critical of Putin. https://t.co/WjviZNwLH9
— Caroline Orr Bueno, Ph.D (@RVAwonk) May 28, 2021
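Microsoft announced that Nobelium, a hacker group under Russia's intelligence agency SVR (Foreign Intelligence Service), hijacked the email system of the U.S. Agency for International Development (USAID) and carried out a large-scale attack, monitoring communications critical of Russian President Putin and freely sending fake emails. https://t.co/UhcfJxGc1l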
— deepthroat (@gloomynews) May 28, 2021
New York Times: "Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency" https://t.co/OREUWAEoxX
— Evan Kohlmann (@IntelTweet) May 28, 2021
It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. https://t.co/cXC6GTqwwO via @CyberScoopNews
— 780th Military Intelligence Brigade (Cyber) (@780thC) May 28, 2021
Our story on the Volexity research, from @timstarks: https://t.co/2E5HDRThhQ
— Sean Lyngaas (@snlyngaas) May 28, 2021