Microsoft says Russia hacked US aid agency that works in Ukraine

Hackers likely affiliated with Russia broke into the email service of the U.S. Agency for International Development (USAID) and sent malware-infected phishing emails to 3,000 employees of human rights groups, nonprofits and think tanks around the world, Microsoft reported on May 27.

The emails, posing as legitimate messages from USAID, contained links that, when clicked, allowed hackers to infect recipients’ computers and steal their data, according to Tom Burt, a senior Microsoft official who wrote about the attack.

While the U.S. was the main target of the cyberattack, hacked emails reached 150 organizations in 24 countries, Burt said. At least a quarter of these groups work in international development, humanitarian aid and human rights.

USAID, which has operated in Ukraine since 1992 and now leads the cybersecurity program here, told the Kyiv Post that it is aware of malicious emails and is continuing to investigate the incident. Neither the American nor the Ukrainian branch of the agency said whether Ukraine was among the countries attacked by the hackers. Ukrainian cybersecurity experts who spoke with the Kyiv Post said that Ukraine-based organizations could potentially be among the targets.

Ukrainian anti-corruption activist Vitaliy Shabunin said on May 28 that Ukrainians who received emails that resemble the ones distributed by hackers should report them to the Ukrainian laboratory of digital security.

A screenshot shows a malicious email sent by hackers on behalf of the U.S. Agency for International Development. Some information was redacted by the recipient. The letter resembles a legitimate email from the USAID but contains a link that, when clicked, inserts a malicious file on the recipient’s computer.

This latest hack comes on the heels of a ransomware attack that temporarily crippled one of the U.S.’s largest fuel pipelines, Colonial Pipeline, earlier in May. The perpetrators, a group called DarkSide, are believed to be based in Eastern Europe.

Hackers suspected of acting on behalf of Russia also broke into Texas-based IT company SolarWinds in 2020, which allowed them to spy on the upper echelons of the U.S. government.

A group of hackers called Nobelium that is behind the USAID hack seems to be connected with the SolarWinds attackers, according to Microsoft. Nobelium broke into USAID’s account with the email marketing provider Constant Contact and used it to send the malware.

Microsoft notified the recipients of emails about the possible threat and blocked some of the malware automatically. “We are not seeing evidence of any significant number of compromised organizations at this time,” Burt wrote on May 28.

Experts said that both the U.S. and Ukraine would do well to take cybersecurity seriously.

According to Burt, “nation-state cyberattacks (in the U.S.) aren’t slowing.” Washington said that Russia’s intelligence services are responsible for hundreds of cyberattacks on American state agencies and businesses over the past decade. According to Burt, the U.S. is “facing a greater threat than (it has) ever seen.”

Ukraine is significantly less protected than the U.S., according to cybersecurity expert Kostiantyn Korsun.

In Ukraine, hackers are usually interested in critical infrastructure (like transport, telecommunication and public health), courts, armed forces and state services like the Cabinet of Ministers or the President’s office, cybersecurity expert Oleksiy Baranovskyi told the Kyiv Post. According to him, Ukraine is not fully prepared to deter these attacks due to its outdated laws.

Ukraine is among the countries with the highest number of malware encounters in Eastern Europe, according to the data shared with the Kyiv Post by Microsoft Ukraine. In the last 30 days, Microsoft detected over 1.4 million infected devices in Ukraine, compared to 949,000 in Poland, 535,000 in Romania and 347,000 in Belarus.

USAID is among the major foreign organizations aiming to improve Ukraine’s defenses against cybersecurity threats. By 2024, it plans to invest up to $38 million to reduce Ukraine’s vulnerability to cyberattacks.

While the Ukrainian government and many local businesses praised this program, others continue to criticize it. “Ukraine’s community of cybersecurity experts have questions about the competence of USAID program’s participants and doubt its effectiveness,” Korsun said.

In light of the threat, Microsoft advises its users to follow basic cybersecurity rules: to use multi-factor authentication and antivirus software and avoid clicking on links in unreliable emails.