
5 Things To Know About Latest SolarWinds Hackers’ Attack: How Nobelium Leveraged Constant Contact In Phishing Campaign

The latest attack by the Russian state-sponsored group known as Nobelium involved the Constant Contact email marketing service. Here are five things you need to know about what Microsoft is calling ‘Another Nobelium Cyberattack.’


Leveraging Constant Contact USAID Account To Escalate Attack

The latest Nobelium cyberattack “escalated significantly” on May 25 when the state-sponsored hackers used the “legitimate mass mailing service Constant Contact,” according to Microsoft’s Threat Intelligence Center (MSTIC).

The May 25 phishing campaign included several iterations of emails sent from the Constant Contact account of USAID. In one example, the emails appear to originate from USAID, said Microsoft, while not having an “authentic sender email address that matches the standard Constant Contact service.”

The emails posed as an “alert” from USAID dated May 25, 2021, with a subhead: “USAID Special Alert: Donald Trump Published New Documents On Election Fraud.” If the user clicked the link in the email, the URL directed them to the legitimate Constant Contact service and then redirected them to Nobelium “controlled infrastructure.” A “malicious ISO” file was then delivered to the system.

“The successful deployment of these payloads enables Nobelium to achieve persistent access to compromised systems,” said Microsoft. “Then, the successful execution of these malicious payloads could enable Nobelium to conduct action-on objectives, such as lateral movement, data exfiltration, and delivery of additional malware.”
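For defenders, the delivery chain described above (a click on a mass-mailing link, a redirect, then an ISO download) can be hunted for in web proxy logs. The sketch below is an added example, not code from Microsoft or the article; the log format, host names, and 60-second window are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: click-tracking hosts of mailing services seen in your environment.
MAILER_HOSTS = {"click.mailer.example"}
WINDOW = timedelta(seconds=60)          # assumed correlation window
IMAGE_EXT = (".iso", ".img")
IMAGE_TYPES = {"application/x-iso9660-image", "application/x-cd-image"}

# Constructed proxy log: timestamp client method url status content-type
SAMPLE_LOG = """\
2021-05-25T14:02:11 10.0.0.5 GET https://click.mailer.example/c?f=abc 302 text/html
2021-05-25T14:02:12 10.0.0.5 GET https://cdn.redirect.example/docs 200 text/html
2021-05-25T14:02:15 10.0.0.5 GET https://cdn.redirect.example/files/report.iso 200 application/octet-stream
2021-05-25T14:05:00 10.0.0.7 GET https://click.mailer.example/c?f=xyz 302 text/html
2021-05-25T14:05:01 10.0.0.7 GET https://news.site.example/article 200 text/html
2021-05-25T16:00:00 10.0.0.9 GET https://mirror.linux.example/distro.iso 200 application/octet-stream
"""

def parse(line):
    """Split one log line into the fields the correlation needs."""
    ts, client, _method, url, status, ctype = line.split()
    parts = urlsplit(url)
    return {"ts": datetime.fromisoformat(ts), "client": client, "url": url,
            "host": parts.hostname, "path": parts.path.lower(),
            "status": int(status), "ctype": ctype}

def is_disk_image(ev):
    """A successful response that looks like an ISO/IMG by name or MIME type."""
    return ev["status"] == 200 and (
        ev["path"].endswith(IMAGE_EXT) or ev["ctype"] in IMAGE_TYPES)

def find_chains(log_text):
    """Return (client, click_url, image_url) where a disk image download
    follows a mailing-service click by the same client within WINDOW.
    Assumes the log is in time order."""
    last_click, alerts = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["host"] in MAILER_HOSTS:
            last_click[ev["client"]] = ev   # remember the most recent click
            continue
        click = last_click.get(ev["client"])
        if click and is_disk_image(ev) and \
                timedelta(0) <= ev["ts"] - click["ts"] <= WINDOW:
            alerts.append((ev["client"], click["url"], ev["url"]))
    return alerts

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG):
        print("possible phishing-delivered disk image:", alert)
```

The ISO fetched by 10.0.0.9 is not flagged because no mailing-service click precedes it, which keeps routine image downloads out of the results.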

 
 