Sometime in the days leading up to May 24, hackers working for Russia’s SVR intelligence agency begin sending malicious emails to more than 3,000 people through an email system used by the U.S. Agency for International Development (USAID).
The emails, which include a path for hackers to gain unlimited access to the computer systems of recipients, likely began going out sometime last week and are reported to the public by Microsoft on May 27. Russian agents targeted and continue to target human rights groups, think tanks, and other U.S. organizations that have been critical of Vladimir Putin.
In essence, the Russians got into the Agency for International Development email system by routing around the agency and going directly after its software suppliers. Constant Contact manages mass emails and other communications on the aid agency’s behalf…. By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organizations that regularly receive communications from the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing. (The Boston Globe)
The emails include a line of linked text, such as “Donald Trump has published new emails on election fraud,” that, when clicked, drops malicious files onto the computers of the recipients.
Russia’s SVR is also responsible for the SolarWinds breach last year, whose victims included many U.S. agencies, the military, the federal courts system, and over 80 percent of the country’s Fortune 500 companies.
At the time of this writing, it’s unclear how many of the 3,000 emails were successful in infecting computer systems and which agencies have been breached. The Biden White House downplays the attack, saying this kind of breach is typical of daily cyber concerns for the U.S. government.
Photo: DMITRI LOVETSKY/REUTERS