Kremlin rejects new Microsoft allegations it carried out hack via State Department email
The Kremlin has dismissed new allegations from Microsoft that Russian state hackers seized control of the email system of the State Department's international aid agency in order to target dozens of other organizations in the United States and around the world, including human rights groups and other critics of President Vladimir Putin's government.
Microsoft on Thursday said the new attack was carried out by the same group of Russian hackers behind the SolarWinds hack of the federal government which has been linked to Russia's foreign intelligence agency, the SVR.
The new cyberattack comes only three weeks before a planned summit between Putin and President Joe Biden, who just a month ago imposed sanctions on Russia after the SolarWinds hack.
The Kremlin's spokesman Dmitry Peskov on Friday said the allegations from Microsoft were "unfounded" and "abstract" and said he did not believe it would affect the summit.
"It's an abstract statement. It's like if we said we believe a large threat is coming from Microsoft and the software. It will be the same unfounded accusation," Peskov said in a daily briefing call with reporters.
Microsoft has said the new attack saw the Russian hackers gain access to an email account belonging to the United States Agency for International Development. From there they were able to then send 3,000 phishing emails to around 150 government agencies, think tanks and NGOs, the company said in a blog post published Thursday.
Microsoft said it had observed the attack this week by the group, which it dubs "Nobelium." It judged that the attack appeared to be an intelligence-gathering effort by the Russian hackers, targeting government agencies involved in foreign policy.
"These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts," the company said.
The attack resembled the SolarWinds hack in that it targeted a third-party private service provider in order to gain access to government agencies, in what is known as a "supply chain" attack. In the wake of the SolarWinds attack, Biden signed an executive order that set new cybersecurity standards for any software sold to the federal government.
In the new attack the Russian hackers gained access to the U.S. Agency for International Development's Constant Contact account, an email marketing service, according to Microsoft.
The hackers were then able to send out authentic-looking phishing emails that included a link which, if clicked, would install malware on the victim's computer. The malware gave hackers broad capabilities within the system, ranging from stealing data to infecting other computers on a network, Microsoft said.
"By piggybacking on software updates and now mass email providers," the company wrote, the Russian hackers increased "the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem."
The White House says it, too, is "aware of the phishing incident" that impacted USAID and is "monitoring the situation closely" -- but noted that so far, the impact "appears to be limited."
A spokesperson for the White House's National Security Council said: "NSC is aware of the phishing incident and we are monitoring the situation closely. CISA is actively managing this incident and working with USAID."
The spokesperson said that "at this time, there appears to be limited impact."
"We note Microsoft's blog pointing out that many of these emails are likely to have been blocked by automated systems," the spokesperson said. "Improving cybersecurity technology and defenses is the foundational step to fighting cyber attacks."
While Microsoft said in a blog post that a Russian state-backed hacking group, Nobelium, was behind the cyberattack, U.S. intelligence has not yet attributed the attack to anyone.
In a statement, USAID acting spokesperson Pooja Jhunjhunwala told ABC News that the government's "forensic investigation" is still ongoing.
"The agency has notified and is working with all appropriate Federal authorities," added Jhunjhunwala, including the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.
Biden had sought to signal to Russia that it could pay a more substantial price for such attacks with the sanctions package in April. The measures included expelling 10 Russian diplomats, imposing new restrictions on purchasing Russia's sovereign debt and sanctioning several Russian cybersecurity companies, among other steps. Russia in retaliation expelled 10 American diplomats and asked the U.S. ambassador to Moscow to return home for an unspecified period for consultations.