Nobelium compromises USAID marketing service account, spoofs phishing emails

8 points by aprinsen, nearly 4 years ago

3 comments

aprinsen, nearly 4 years ago

In summary:

USAID is the United States Agency for International Development -- a U.S. federal international aid agency.

The Russian hacking group Nobelium compromised the agency's Constant Contact account -- appears to be a MailChimp/SendGrid type marketing email service.

They have proceeded (and continue?) to send out phishing emails to contacts of the agency, including humanitarian organizations, purportedly targeting Kremlin opposition among others. The emails contain a malicious payload with backdoor capabilities.

jumelles, nearly 4 years ago

https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/

> Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation. On May 25, 2021, the campaign escalated as NOBELIUM leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization to distribute malicious URLs to a wide variety of organizations and industry verticals.

jumelles, nearly 4 years ago

https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/

Many interesting details in this write-up from Volexity.