The Kremlin-backed hackers who targeted SolarWinds customers in a supply chain attack have been caught conducting a malicious email campaign that delivered malware-laced links to 150 government agencies, research institutions and other organizations in the US and 23 other countries, Microsoft said.
The hackers, belonging to Russia’s Foreign Intelligence Service, first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency’s account for online marketing company Constant Contact, the hackers had the ability to send emails that appeared to use addresses known to belong to the US agency.
SolarWinds hackers are back with a new mass campaign, Microsoft says
Kremlin-backed group uses hacked account to impersonate US aid agency.
arstechnica.com