Microsoft has observed the group behind the infamous SolarWinds attack targeting numerous government agencies, think tanks, NGOs, and more. A fresh wave of attacks from the hacking group, dubbed Nobelium, has targeted thousands of email accounts across more than 150 organizations.

While most organizations are located in the US, victim organizations span 24 countries, with many targets directly involved in humanitarian aid, human rights work, and international development.

Microsoft Confirms SolarWinds Hackers' New Campaign

In a post to its Microsoft On the Issues blog, Corporate Vice President for Customer Security & Trust, Tom Burt, confirmed and detailed Nobelium's latest attack.

Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.

The latest attack began with Nobelium gaining access to a USAID email marketing account. From there, the attackers could distribute targeted phishing emails containing a malicious link. Once the link is clicked, the victim downloads and installs NativeZone, a backdoor that allows extensive access and control over a remote computer.

According to the Microsoft Threat Intelligence Center technical blog on the attack, many of the malicious emails may have been blocked and marked as spam because of the massive volume in which they were sent.

However, these systems aren't foolproof, and some emails passed through automatic detection systems "either due to configuration and policy settings or prior to detections being in place." Still, Microsoft notes that its security systems are blocking the malware used in the attack.

The Threat Intelligence Center blog also contains information on the technical side of the Nobelium attack and malware in use.

SolarWinds Attackers Nobelium Resurface

The resurgence of Nobelium is a worrying sign, not least because the attackers have a successful track record of breaching high-level networks and gaining access to critical data.

As Microsoft and other major tech companies have stated consistently, more action against nation-state hacking groups (sometimes referred to as APTs) must come from governments. These enormous attacks aren't slowing down. If anything, the success rate is emboldening attackers to seek more targets, especially branching out into targets that may have slack security protocols in place.

Finally, the range of targets is worrying, too. Targeting humanitarian efforts, NGOs, and human rights activists illustrates that this form of attack has become one of the primary weapons of choice for certain nation-states, used to undermine or destroy ongoing work in critical areas.