Microsoft says another wave of Russian cyber-attacks has targeted government agencies and human rights groups in 24 countries, most in the US.
Microsoft said about 3,000 email accounts were targeted
It said about 3,000 email accounts at more than 150 different organisations had been attacked this week.
The group responsible was the same one that carried out last year’s SolarWinds attacks, which Russia’s Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.
Russia has denied both cyber-attacks.
The Kremlin on Friday said it had no knowledge of the latest hacks, and called on the US tech giant to answer further questions, including how it was linked to Russia.
How were the new cyber-attacks mounted?
In a blog post published late on Thursday, Microsoft said the new attacks targeted government agencies involved in foreign policy as part of “intelligence gathering efforts”.
It said at least a quarter of the organisations targeted were involved in international development, humanitarian and human rights work.
While most were in the US, targeted victims spanned at least 24 countries.
According to Microsoft, Nobelium, a group originating in Russia, launched this week’s attacks by gaining access to an email marketing account used by the US federal government’s aid agency, USAID.
Hackers then sent emails that looked authentic but included a link which, when clicked, inserted a malicious file enabling the stealing of data and infecting other computers on a network.
A spokesperson for the US Cybersecurity and Infrastructure Security Agency (Cisa) told CBS News authorities were aware of the attack and were trying “to better understand the extent of the compromise and assist potential victims”.
Microsoft said many of the attacks targeting its customers were blocked automatically. It was not immediately clear how many of the attempts led to successful intrusions.
Last year, hackers used US company SolarWinds’ Orion platform to target US government departments, about 100 private companies and small numbers of UK organisations. At the end, nearly 18,000 customers installed the malicious software.
The SVR was blamed by the UK and US for the hack. It has denied involvement.
