Microsoft experts said last week that the Russian hacker group APT29 (aka Cozy Bear, Dukes, Nobelium), standing behind the attack on SolarWinds, attacked the US Agency for International Development using four new malware families in the campaign.The hackers compromised the agency’s Contact Contact account and then used that account to impersonate agents in phishing emails that appeared to be authentic.
In total, the attackers sent phishing messages to approximately 3,000 accounts in more than 150 organizations, including government agencies and organizations involved in international development, humanitarian and human rights activities.
The FBI and the Justice Department are now reporting that they managed to hijack two domains that the hack group used during these attacks.
After receiving a court order, the authorities seized these two domains in order to block attackers from infecting new systems and interacting with previously infected hosts.
However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and the attack last week.
Let me remind you that we wrote that Chinese hackers also took part in attacks on SolarWinds clients.
User Review( votes)