The Russia-linked hackers behind the cyberattack on SolarWinds have returned, launching a phishing attack targeting approximately 3,000 email accounts belonging to workers at more than 150 organizations, Microsoft said late Thursday.
The attack on SolarWinds is considered by investigators to be one of the most stealthy and sophisticated ever detected, but the phishing attack was in some ways the opposite of that. The hackers took over an online account used for mass emails by the U.S. Agency for International Development and sent deceptive phishing emails that contained malicious links.
Although the attack appears to have been largely unsuccessful—most of the email messages were marked as spam, Microsoft said—investigators say it shows that the hackers behind SolarWinds aren’t going away.
“These attacks appear to be a continuation of multiple efforts…to target government agencies involved in foreign policy as part of intelligence gathering efforts,” said Tom Burt, a Microsoft corporate vice president in charge of security, in a blog post.
A Microsoft spokesman declined to say how his company had linked the attack to the SolarWinds incident. U.S. government officials have said that the SolarWinds hack was conducted by Russia’s Foreign Intelligence Service, known as the SVR. Russia has denied that the agency was behind the SolarWinds attack.