USAID

DOJ Seizes Internet Domains Used in USAID Phishing Campaign

The Department of Justice has seized two internet domains used in a recent hack targeting the U.S. Agency for International Development.

The attack, described as a phishing campaign, was discovered by Microsoft. According to the tech company, victims were tricked into clicking on emails that looked to be from USAID but contained links allowing the installation of malicious code.

DOJ’s domain seizures demonstrate its ability to do more to combat cybercrime beyond issuing indictments to threat actors, Nextgov reported Tuesday.

“Last week’s action is a continued demonstration of the Department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” according to Assistant Attorney General John Demers of the DOJ’s National Security Division.

The USAID hack is the latest in a series of cyberattacks directed at U.S. government agencies.

Microsoft attributed the hack to Nobelium, the same Russian hacker group identified as the culprit behind the attack on SolarWinds customers.

Nobelium was able to gain access to USAID’s account through Constant Contact, an online marketing company. The group sent malware-linked emails to roughly 3,000 accounts at more than 150 organizations.

Tom Burt, Microsoft’s vice president of customer security and trust, said in a blog post that the attack is a continuation of Nobelium’s multiple attacks on government agencies involved in foreign policy as part of intelligence gathering efforts.

Despite Microsoft’s claims, the Cybersecurity and Infrastructure Security Agency and the FBI said investigations are still ongoing to pinpoint the actor responsible for the phishing campaign.