The SolarWinds hackers – Russia-based Nobelium group – are back, this time targeting cloud email marketing service Constant Contact in a phishing campaign that led to 3,000 email accounts being breached in 150 organizations .
Microsoft revealed the latest violation by the state-sponsored hackers in a blog post titled “Another Nobelium Cyberattack,” which advised part of the “Nobelium Playbook” to gain access to trusted technology providers and infect their customers.
[Related: 12 Lessons Learned From The SolarWinds Breach: RSA Conference]
This time around, however, the attack vector was not SolarWinds Orion’s network monitoring tool, but rather Constant Contact email cloud marketing service, which is used by a significant number of technology providers and MSPs.
“Nobelium tried to reach around 3,000 individual accounts in more than 150 organizations using the legitimate mass mailing service Constant Contact,” wrote Tom Burt, …