U.S. government and aid agencies targeted by cyberattack attributed to Russia by Microsoft

An email marketing account belonging to the U.S. Agency for International Development was compromised in the attack.
An email marketing account belonging to the U.S. Agency for International Development was compromised in the attack. Copyright J. David Ake/AP
Copyright J. David Ake/AP
By Euronews with AP
Share this articleComments
Share this articleClose Button

Thousands of addresses were targeted by emails containing malware from a compromised marketing account belonging to the the U.S. Agency for International Development.


The United States government has fended off what it called a "basic phishing" attempt that has been blamed on Russian intelligence operatives.

The attack was first reported by Microsoft, with hackers using malware-laden emails to target U.S. and foreign government officials, think tanks and humanitarian groups.

Hackers managed to gain access to the U.S. Agency for International Development's account at Constant Contact, an email marketing service. Masquerading as the government body, they targeted about 3,000 email accounts at more than 150 different organisations.

At least a quarter of those targeted were involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late on Thursday.

Most of the emails were blocked by spam filters but looked authentic, purporting to contain new information on 2020 election fraud claims and including a link to malware.

Washington demurs on naming attacker ahead of tense presidential summit

The White House said late on Friday that government agencies had largely neutralised the threat, adding that it was "not seeing any significant number of compromised organizations at this time".

It added that the latest campaign should not further damage Washington-Moscow relations ahead of a planned presidential summit on June 16.

The U.S. has repeatedly raised the alarm over cyberattacks by Russia in the past few months. This has been driven by election interference as well as a massive breach of U.S. government agencies by Russian elite cyber-spies that was detected in late 2020.

Washington responded to that attack with fresh sanctions on Russia last month. “I don’t think it'll create a new point of tension because the point of tension is already so big,” said James Lewis, a senior vice president at the Centre for Strategic and International Studies, told AP.

"This clearly has to be on the summit agenda. The president has to lay down some markers [to say] 'the days when you people could do whatever you want are over'.”

Burt added that the campaign had targeted people in at least 24 different countries and seemed to be a continuation of efforts to “target agencies involved in foreign policy as part of intelligence gathering efforts”.

The U.S. government did not directly blame Russia for the latest incident. But Microsoft attributed it to the same outfit behind the 2019 hack of SolarWinds, a widely-used IT management programme, which led to breaches at least nine federal agencies and dozens of private sector companies.

Separately, cybersecurity firm FireEye has said it has been tracking “multiple waves” of related spear-phishing by hackers from Russia's SVR foreign intelligence agency since March.

This drive had reportedly used a variety of lures including diplomatic notes and invitations from embassies.

USAID spokeswoman Pooja Jhunjhunwala said on Friday that it was investigating with the help of the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called the breach an “isolated incident.”

Share this articleComments

You might also like

Russia denies role in cyberattack on US's biggest gasoline pipeline

Cybercrime: Insurance giant Axa to stop covering ransomware payments in France

New hacking scams - Here's how to avoid them