AidInfoSec Report an attack

Attack Database /

Attack detail

Attack Date Location
January 2021 United States of America
Target organisation Attack category
USAID, multiple humanitarian and human rights orgs Passive attack
Surface Type
Digital - phishing emails Backdoor

Additional notes on attack

Mixed attack carried out via access to USAID mailing list, which were then used to distribute a phishing campaign to gain backdoor access to humanitarian and human rights NGOs, which constituted 1/4 of the targets.

Harm Notes
Harms linked to data breach, Reputational harm, Societal harm Harms linked to data breach - attackers gained access to and co-opted the systems of USAID, and potentially the database of target orgs Reputational harm - potentially reduces trust in orgs working on human rights, humanitarian issues Societal harm - potentially reduces efficacy of orgs safeguarding human rights, promoting humanitarian issues
Resolution/Recovery
Microsoft defence software was able to largely prevent malware attacks. Microsoft investigated attacks and alerted those potentially affected. Microsoft reinforced importance of basic data safety practices.
Actor type Actor name(s)
State Actor NOBELIUM
Attacker agenda Attacker location
State Activity r