USA, two hackers arrested: 3,000 “phishing” e-mails from government agency accounts

On May 28, the US Department of Justice authorized the arrest of two hackers connected to the Russian private organization SolarWinds. The two took control of two internet domains from which they launched a massive phishing campaign. The large-scale cyber attack was detected on May 25; 3,000 emails were sent from a United States Agency for International Development (USAID) account. The compromised account, associated with the services of a marketing company called Constant Contact, was used to send phishing emails to employees of more than 150 organizations around the world, most of them American.

The phishing emails featured an official USAID logo, under which appeared a link to an alleged "USAID special notice" entitled "Donald Trump has released new papers on election fraud". The link then directed users to one of the two illicit subdomains, infecting the victims' machines with special malware, which in turn created a backdoor that allowed the hackers to get hold of all the contents of the compromised computers.

According to Microsoft Corporation, the hackers behind the phishing attack were from the same group that orchestrated the infamous 2020 attack known as SolarWinds. The term refers to a large-scale breach of computer systems belonging to the federal government of the United States and to organizations such as the European Union and NATO. The main actor of that attack was referred to by cybersecurity experts as APT29 or Nobelium.
