Microsoft announced a Russian threat group (ITG11, aka Nobelium, APT29) also thought to be behind the SolarWinds attack conducted an email campaign masquerading as the U.S. Agency for International Development. Microsoft reports that while organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. The earlier campaign in April and May of this year targeted human rights groups and governmental agencies.

The adversary used a legitimate marketing service, Constant Contact, to distribute malicious URLs and malware to 3,000 individual accounts in 150 organizations via phishing emails. When victims clicked the malicious URL, the adversary attempted to drop a Cobalt Strike Beacon loader, dubbed NativeZone by Microsoft, to maintain persistence on the victim’s computer.

IBM is closely monitoring the situation and updates will be available on the X-Force Exchange Threat Activity Report. Additionally, IBM recommends nongovernmental organizations consider these security best practices to prevent a compromise:

  • Among many best practices to counter common cybersecurity risks, turn on and scale up multi-factor authentication (MFA) for all of your accounts, especially ones with access to sensitive data. The benefit of MFA is that it provides additional security by adding protection in layers. The more layers/factors in place, the more the risk of an intruder gaining access to critical systems and data is reduced.
  • Enhance your organization’s defenses against phishing attacks by using email security filters to flag messages that originate from external sources and by training your employees about some of the latest phishing attacks circulating, such as spoofing, to keep their home networks and devices safe from malicious actors.
  • Use Quad9, an open DNS service that is free and provides protection against malicious domains. This tool quickly detects and blocks malicious domains, keeping organizations safe from attacks that might deploy malware or steal user credentials. X-Force findings show that threat actors actively created new, malicious domains mimicking top brands and government agencies. Blocking out communication with malicious and suspicious websites can help mitigate the threat of phishing and fraud.
  • With phishing and ransomware attacks on the rise, cyber criminals look to combine social engineering and crisis operations to compromise business emails and deploy malicious code. Organizations must protect their workforces to implement context-based zero trust models.
Learn more on IBM X-Force Exchange

Assistance is also available to assist 24×7 via IBM Security X-Force’s US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from Government

Who Will Be the Next National Cyber Director?

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next? As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the National Cyber Director’s office. Walden is a former Microsoft executive who joined the National Cyber Director’s office in May. Before her appointment, Walden was the…

How Much is the U.S. Investing in Cyber (And is it Enough)?

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes. To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going…

What the New Federal Cybersecurity Act Means for Businesses

On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act. The risk of quantum-powered password decryption is increasing exponentially. The new legislation is designed to help federal agencies proactively shift to a post-quantum security posture. Agencies have until May 4, 2023, to submit an inventory of potentially vulnerable systems, and the Act directs the Office of Management and Budget (OMB) to prioritize the adoption of post-quantum cryptography standards. For businesses, government efforts to address emerging quantum risks…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…