Microsoft has issued a warning that the Russian hacker group believed to be behind the so-called SolarWinds attacks is now beginning to attack systems again.
According to Microsoft, this week the Nobelium hacker group attempted to gain access to more than 3,000 email systems belonging to various Western governments, organizations, among others, for human rights issues and various thought chains. The majority of the attacks discovered by Microsoft are said to have taken place against US interests, but other Western targets affected have also been discovered. Microsoft writes in a statement:
“While organizations in the United States received the largest share of attacks, the targeted victims came from at least 24 countries. At least a quarter of the organizations targeted were involved in international development, humanitarian work, and human rights. Noblemium, which originated from Russia, is the same actor behind the attacks on SolarWinds customers in 2020.”
The point of attacking email systems appears to be that they can be used to send email messages that appear to come from those who have been attacked. These emails must contain the NativeZone malware that can provide unauthorized access to the backdoors of various systems. This can happen if email recipients inadvertently click on links in the email that install NativeZone in their system.
Microsoft wrote that many attacks were stopped automatically by Windows Defender and that they are now informing customers that they believe they have been exposed to new attacks.