Russian government-linked hackers compromise USAID email system to launch phishing attack against government agencies, civil society organizations

On May 25, hackers linked to Russia’s Foreign Intelligence Service, or SVR, leveraged access to the U.S. Agency for International Development’s (USAID) mass emailing service in a spear-phishing campaign that targeted 3,000 individuals tied to international development, humanitarian work, human rights groups, and government organizations, according to Microsoft. The SVR hacking group, known as APT 29, gained access to the email service, Constant Contact, to send emails that appeared to be a USAID special alert about new evidence of fraud in the 2020 election. The emails contained links to malware that would give the Russian operatives access to the recipient’s computer network. Targets included anti-corruption groups, research organizations investigating Russian disinformation, and entities outspoken about the Kremlin’s treatment of Russian activist Alexei Navalny, such as the Organization for Security and Co-operation in Europe (OSCE). Most of the spear-phishing emails were blocked by threat detection systems, though some may have successfully reached their targets, Microsoft said.

About This Incident

Threat Actors: Russia

Incident Metadata

Date: May 2021
Country: United States