The latest attack by the Russia-based group known as Nobelium this week used a government agency’s account credentials for the cloud email marketing service Constant Contact in a phishing campaign that led to the breach of 3,000 email accounts across 150 organisations.
Nobelium is the same state-sponsored organisation behind the massive breach last year of the SolarWinds Orion network monitoring product. That nation-state attack sent shockwaves throughout the world with Nobelium gaining access to U.S. government agencies, critical infrastructure entities and private sector organisations.
This time, Nobelium gained access to the Constant Contact account of the United States Agency for International Development, or USAID. The government agency advances what it calls U.S. national security and economic prosperity as a means to demonstrate American generosity.