The spokesperson spoke on condition of anonymity about the incident, noting that the U.S. So far, the impact of the new phishing incident seemed to be limited, the NSC spokesperson said, noting that Microsoft had said that many of the phishing emails sent through the service used by USAID had likely been blocked by automated systems. The White House National Security Council said it's monitoring the incident, an NSC spokesperson said Friday. The Biden administration has not yet laid blame for the attack. The full scope of the attack - the compromised systems, and affected accounts - is not yet known.

But the company added that the earliest emails that were sent might have been successfully delivered. The high-volume email campaign prompted automatic systems to block many of the emails and mark them as spam, Microsoft said.

Like many similar hacks, the attack relies on several essential steps. Federal Elections," said Volexity, a cybersecurity firm that issued a report about the security threat on Thursday. From there, all the hackers needed was for someone to click the link: The attackers are "very adept and very skilled at turning a foothold or an initial entry point into a wider breach," Volexity's president, Steven Adair, told NPR. The bogus email sent from the USAID account includes "a legitimate lure referencing foreign threats to the 2020 U.S. After a period of probing and experimentation, the company said, the hackers used a spear-phishing campaign to launch a large-scale attack on Tuesday. The initial phases of the attack began in January, Microsoft said.

Note: Both Microsoft and Constant Contact are financial supporters of NPR. The company said it has temporarily disabled the affected accounts, adding that it's "working with our customer, who is working with law enforcement."
"We are aware that the account credentials of one of our customers were compromised and used by a malicious actor to access the customer's Constant Contact accounts," a company spokesperson told NPR. USAID is now working with the Cybersecurity and Infrastructure Security Agency, along with DHS (CISA's parent agency) and other agencies, Jhunjhunwala added. Constant Contact, a Massachusetts company that has more than 600,000 customers worldwide, said the attack is an isolated incident. "The forensic investigation into this security incident is ongoing," she said.

The tech company said recipients were sent emails that looked to be from USAID - but which contained links that could install malicious code, giving hackers wide-ranging access. The group is thought to be run out of the Russian Foreign Intelligence Service, or SVR. The new cyber campaign was orchestrated by a group Microsoft calls Nobelium, though it may be better known as APT29. Here's what we know about the new hacking campaign:

Russian presidential press secretary Dmitry Peskov denied his country is involved, saying Microsoft was making an "unfounded accusation," according to the Interfax news agency. Press secretary Jen Psaki issued that statement on Tuesday - the same day the hackers sharply escalated their attack, according to Microsoft. The White House said this week that Biden wants to "restore predictability and stability" in the two countries' relationship. News of the attack comes less than three weeks before President Biden is slated to hold a summit with Russian President Vladimir Putin.