US says agencies largely fended off latest Russian hack

May 28, 2021, 7:52 AM | Updated: Jun 1, 2021, 3:58 pm

WASHINGTON (AP) — The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month’s planned presidential summit.

Officials downplayed the cyber assault as “basic phishing” in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups. Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam.

As of Friday afternoon, the company said it was “not seeing evidence of any significant number of compromised organizations at this time.”

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter.

“I don’t think it’ll create a new point of tension because the point of tension is already so big,” said James Lewis, a senior vice president at the Center for Strategic and International Studies. “This clearly has to be on the summit agenda. The president has to lay down some markers” to make clear “that the days when you people could do whatever you want are over.”

The summit comes amid simmering tensions driven in part by election interference by Moscow and by a massive breach of U.S. government agencies and private corporations by Russian elite cyber spies who infected the software supply chain with malicious code. The U.S. responded with sanctions last month, prompting the Kremlin to warn of retribution.

Asked Friday whether the latest hacking effort would affect the Biden-Putin summit, principal deputy press secretary Karine Jean-Pierre said, “We’re going to move forward with that.”

The U.S., which has previously called out Russia or criminal groups based there for hacking operations, did not blame anyone for the latest incident. Microsoft attributed it to the group behind the SolarWinds campaign, in which at least nine federal agencies and dozens of private sector companies were breached through a contaminated software update.

In this case, hackers gained access to an email marketing account of the U.S. Agency for International Development and, masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations. At least a quarter of them were involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

The company did not say what portion of the attempts may have led to successful intrusions but said in a separate technical blog post that most were blocked by automated systems that marked them as spam. The White House said even if an email eluded those systems, a user would still have to click on the link to activate the malicious payload.

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

Separately, the prominent cybersecurity firm FireEye said it has been tracking “multiple waves” of related spear-phishing by hackers from Russia’s SVR foreign intelligence agency since March — preceding the USAID campaign — that used a variety of lures including diplomatic notes and invitations from embassies.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said the campaign is ongoing and built on escalating spear-phishing campaigns it first detected in January.

USAID spokeswoman Pooja Jhunjhunwala said Friday that it was investigating with the help of the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident.”

While the SolarWinds campaign was supremely stealthy and began as far back as 2019 before being detected in December by FireEye, this campaign is what cybersecurity researchers call noisy, meaning easy to detect.

And though “the spear phishing emails were quickly identified, we expect that any post-compromise actions by these actors would be highly skilled and stealthy,” FireEye’s VP of analysis, John Hultquist, said in a statement Friday. He said the incident “is a reminder that cyber espionage is here to stay.”

Many cybersecurity experts did not consider the operation an escalation of online Russian aggression.

“I think it’s par for the course,” said Jake Williams, president of Rendition Infosec and a former U.S. government hacker. He said it’s naive to think that U.S. cyber operators aren’t engaged in similar operations targeting adversaries.

Bobby Chesney, a University of Texas at Austin law professor specializing in national security, said it is nowhere near as serious as the SolarWinds hack. Nor does it come anywhere near the damage done by the ransomware attack earlier this month — by Russian-speaking criminals tolerated by the Kremlin — that temporarily knocked the Colonial Pipeline offline.

Chesney said he thought it was wrong to regard the USAID targeting as a Russian response to sanctions or a sign the sanctions were somehow feckless.

“I don’t think it proves anything, really,” Chesney said. “It’s no surprise at all that the SVR is still engaged in espionage in the cyber domain. I don’t think we tried to deter them out of doing this wholesale.”

___

Bajak reported from Boston. Associated Press writer Alan Suderman contributed from Richmond, Va.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
