--- title: "Phishing Alert: SolarWinds Hackers Back In Action, Target US Government And 150 Organizations | Phish Protection" description: "Phishing Alert: SolarWinds Hackers Back In Action, Target US Government And 150 Organizations: In a cyber-attack that will be remembered as one of the most." image: "https://phishprotection.com/og/blog/phishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations.png" canonical: "https://phishprotection.com/blog/phishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations/" --- Quick Answer In a cyber-attack that will be remembered as one of the most significant \*\*phishing email attacks\*\* in decades to come, \[a Russian hacking group attacked\](https://apnews.com/article/microsoft-solarwinds-spear-phishing-7abd240b9d3a25bedecf6441ca6dc74f) \*\*more than 3,000 email accounts\*\* belonging to individuals from more than 150 organizations across 24 countries. Nobelium, also known as APT29 to the cybersecurity community, has targeted government agencies, research institutions, consultants, think tanks, and non-governmental organizations this time. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Alert%3A%20SolarWinds%20Hackers%20Back%20In%20Action%2C%20Target%20US%20Government%20And%20150%20Organizations&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations%2F&title=Phishing%20Alert%3A%20SolarWinds%20Hackers%20Back%20In%20Action%2C%20Target%20US%20Government%20And%20150%20Organizations "Share on Reddit") [ ](mailto:?subject=Phishing%20Alert%3A%20SolarWinds%20Hackers%20Back%20In%20Action%2C%20Target%20US%20Government%20And%20150%20Organizations&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/06/phishing-definition-3496.jpg) In a cyber-attack that will be remembered as one of the most significant **phishing email attacks** in decades to come, [a Russian hacking group attacked](https://apnews.com/article/microsoft-solarwinds-spear-phishing-7abd240b9d3a25bedecf6441ca6dc74f) **more than 3,000 email accounts** belonging to individuals from more than 150 organizations across 24 countries. Nobelium, also known as APT29 to the cybersecurity community, has targeted government agencies, research institutions, consultants, think tanks, and non-governmental organizations this time. The cyber adversaries leveraged ‘Constant Contact,’ a mass-mailing service, to carry out _a large-scale phishing campaign by masquerading as the US Agency for International Development_ (USAID.) The latest wave of **phishing attacks** has further emphasized the need for innovation in [email phishing protection](/) by employing advanced [anti-phishing solutions](/products/advanced-threat-defense/) to keep phishing emails out of inboxes, accompanied by anti-malware and [anti-ransomware solutions](/products/malware-and-ransomware-protection/). ### How Did The Perpetrators Do It? [According to Microsoft](https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/), _the attackers deployed a mass-email service used by USAID and sent **phishing emails** that contained malicious links_. The campaign was initiated in January and was being conducted in stages, escalating in late May. Constant Contact, the mass-mailing service, clarified that the attackers compromised their customers’ credentials before further escalating the attack. _These authentic-looking emails claimed to disclose new information on the 2020 election fraud_ and had a **malware link** that allowed attackers to access compromised information systems. The SolarWinds campaign, which went on for most of 2020 before being finally detected in December, also infiltrated private and public organizations apart from more than nine government agencies in the United States. Earlier, it was [a software update](https://www.solarwinds.com/sa-overview/securityadvisory) that the malicious actors exploited, and this time, it is the mass-email service. In both these cyberattacks, it is clear that organizations need to be educated and aware of tools such as [anti-ransomware solutions](/products/malware-and-ransomware-protection/) and **email protection services** to keep their critical information from falling into the hands of threat actors. ### What Does That Mean For An Organization? Both of the recent SolarWinds attacks are a solid reminder for organizations, public and private, large and small, that cyberattacks are not only a direct risk to an organization but also an indirect one through vendor networks. _The former SolarWinds hack was through a software update from a reliable software provider_ trusted by thousands of private and government organizations. A recent survey revealed that **37% of organizations** surveyed [were attacked by ransomware](https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf) over the last year. Furthermore, _organizations with more than 1000 employees were more likely to be hit than smaller organizations_. Organizations are [now learning](https://whatis.techtarget.com/feature/SolarWinds-hack-explained-Everything-you-need-to-know) that merely building firewalls and hoping for the best is inadequate to counter the threats. _They need to deploy a solid cybersecurity infrastructure_. An ideal infrastructure would actively locate vulnerabilities in the system to detect and **prevent cybersecurity threats** at multiple levels. ![Phishing definition](https://media.mailhop.org/phishprotection/images/2021/06/phishing-definition-3496.jpg) ### Who Is At The Most Risk From Phishing Attacks? The following industries are at the [highest risk](https://www.knowbe4.com/hubfs/2020PhishingByIndustryBenchmarkingReport.pdf) from **phishing attacks**: - Construction - Consumer Services - Education - Energy & Utilities - Healthcare & Pharmaceuticals - Insurance - Manufacturing - Not For Profit - Retail & Wholesale ### What Are The Impacts Of Phishing Attacks? The motivations of malicious actors can be varied, including financial gains and data. And the impacts of **phishing email attacks** on a business can also be many and long-lasting in some cases. The consequences of phishing attacks on businesses are listed below. - **_Damage To Reputation:_** As soon as there is news about an organization being attacked and falling prey to a **phishing attack**, _its reputation takes a blow_. Reports of a cyber-attack on an organization do not fade away soon from public memory, no matter how hard the organization tries to hide the facts. - **_Loss Of Customers:_** _Reputational damage leads to loss of business_. Once an organization falls prey to a **phishing attack**, customers are [42% less likely](http://www.magillreport.com/Phishing-Threatens-Your-Brand-More-than-You-Think-Return-Path/) to visit the organization in the future. The loss of customers can also continue over several years, making survival difficult for an organization. - **_Loss Of Value:_** As much as cyberattacks affect customer confidence, they also affect investor confidence, resulting in a downtrend in the share prices of organizations. It is common to see [share prices sliding](https://www.independent.co.uk/news/business/news/british-airways-data-breach-iag-share-price-a8526701.html) after data breaches or cyberattacks. - **_Regulatory Penalties:_** _Regulatory authorities have set huge penalties for organizations that fail to comply with security guidelines_. These fines are meant to encourage **robust security protocols** as potentially compromised data may also include the personal data of other people or entities associated with the organization. \*\* ![What is phishing](https://media.mailhop.org/phishprotection/images/2021/06/what-is-phishing-3941.jpg) \*\* ### How Can An Organization Protect Itself From Such Attacks? _Cybersecurity does not advocate a single solution that provides 100% protection from all cybersecurity issues_. Such an infrastructure is not viable. The best solution to keep an organization safe from cybersecurity attacks of different magnitudes and types is to build a multi-dimensional, multi-layered protection infrastructure. Each one of such solutions is treated as a distinct subject in cybersecurity. Anti-phishing, **email security systems**, and [employee awareness](/products/phishing-awareness-training/) are among the primary protection strategies that could protect an organization from many threats and are briefly described below. - **_Deploy Email Security System:_** Robust email security is one of the [best phishing protection](/) mechanisms for any organization. An efficient email security system provides **email phishing protection** by offering spam filters to separate marketing and phishing emails and data encryption to encrypt outgoing emails. - **_Deploy **Anti-Phishing Solutions:_** Cybersecurity or IT experts of an organization can protect employees and the organization from falling prey to **phishing attacks** in either two ways: only allowing access to a select number of pages or ensuring that malicious pages are detected and blocked. Some [anti-phishing solutions](/products/advanced-threat-defense/) involve scanning URLs for unsafe websites, while others warn users when they attempt to visit malicious pages. Organizations can protect their information assets by adopting such security solutions. - **_Educate People:_** The value of consistent [employee training and awareness](/products/phishing-awareness-training/) is often undermined in the modern world. Despite the robust security system to protect from external attacks, organizations should also strive to protect themselves from internal negligence that can leave them vulnerable to external attacks. \*\* \*\* ### Final Words Defending an organization against cybersecurity attacks might sound like much of a technological concern for most readers. However, _it is the human aspect that organizations neglect more often that leads to the perils_. A robust cybersecurity infrastructure that includes **anti-phishing solutions**, [anti-ransomware solutions](/products/malware-and-ransomware-protection/), anti-malware, and [email phishing protection](/), along with human awareness and education, will create a culture of safety and confidence in a vulnerable cyber world. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Alert: SolarWinds Hackers Back In Action, Target US Government And 150 Organizations","description":"Phishing Alert: SolarWinds Hackers Back In Action, Target US Government And 150 Organizations: In a cyber-attack that will be remembered as one of the most.","url":"https://phishprotection.com/blog/phishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations/","datePublished":"2021-06-04T10:20:30.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-06-04T10:20:30.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1078,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/06/phishing-definition-3496.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"How Did The Perpetrators Do It?","acceptedAnswer":{"@type":"Answer","text":"[According to Microsoft](https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/), _the attackers deployed a mass-email service used by USAID and sent **phishing emails** that contained malicious links_. The campaign was initiated in January and was ..."}},{"@type":"Question","name":"What Does That Mean For An Organization?","acceptedAnswer":{"@type":"Answer","text":"Both of the recent SolarWinds attacks are a solid reminder for organizations, public and private, large and small, that cyberattacks are not only a direct risk to an organization but also an indirect one through vendor networks. _The former SolarWinds hack was through a software update from a rel..."}},{"@type":"Question","name":"Who Is At The Most Risk From Phishing Attacks?","acceptedAnswer":{"@type":"Answer","text":"The following industries are at the [highest risk](https://www.knowbe4.com/hubfs/2020PhishingByIndustryBenchmarkingReport.pdf) from **phishing attacks**:"}},{"@type":"Question","name":"What Are The Impacts Of Phishing Attacks?","acceptedAnswer":{"@type":"Answer","text":"The motivations of malicious actors can be varied, including financial gains and data. And the impacts of **phishing email attacks** on a business can also be many and long-lasting in some cases."}},{"@type":"Question","name":"How Can An Organization Protect Itself From Such Attacks?","acceptedAnswer":{"@type":"Answer","text":"Cybersecurity does not advocate a single solution that provides 100% protection from all cybersecurity issues_. Such an infrastructure is not viable. The best solution to keep an organization safe from cybersecurity attacks of different magnitudes and types is to build a multi-dimensional, multi-..."}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Alert: SolarWinds Hackers Back In Action, Target US Government And 150 Organizations","item":"https://phishprotection.com/blog/phishing-alert-solarwinds-hackers-back-target-usa-government-and-150-organizations/"}]} ```