New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says

Microsoft said the latest hack it detected from the cyberattackers responsible for the SolarWinds breaches was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

The hacking campaign against SolarWinds computer network management software disclosed last year compromised nine federal agencies, and the Biden administration responded by imposing sanctions on Russia and attributing the breach to the Russian Foreign Intelligence Service (SVR).

Last week, Microsoft said it saw the same hackers involved in the SolarWinds intrusions going after U.S. organizations, including government agencies, think tanks, consultants and nongovernmental groups.

The hackers’ newest breach started when they obtained access to the U.S. Agency for International Development’s Constant Contact account, which is a company making email marketing software, according to Microsoft corporate Vice President Tom Burt.

The Cybersecurity and Infrastructure Security Agency (CISA) said Saturday that hackers sent malicious emails to 350 organizations and that CISA had not detected “significant impact” on federal government agencies as a result of the hacking effort.

The newest hack was a far cry from the cyberattack on Colonial Pipeline, a major U.S. fuel supplier whose response to a ransomware attack led to fuel shortages earlier this year, Mr. Burt wrote on Microsoft’s blog on Saturday. He also contrasted the newest hack with the previous SolarWinds breaches.

“Last week’s phishing attacks, in contrast, were focused on espionage targets and did not corrupt a core process essential to the security of the digital ecosystem,” Mr. Burt wrote. “And, due in part to being caught early and good defensive technology, last week’s attacks were mostly unsuccessful. More impactful nation-state attacks continue to occur, however.”

Mr. Burt wrote that the SolarWinds hack and the latest intrusion combined with other recent breaches show the need for the private sector and government to accelerate their cybersecurity work. He wrote that clearer rules need to be established for nation-state cyber conduct and what actions are deemed to have crossed acceptable lines.