Microsoft has found that a new spear-phishing campaign that exhibits qualities of previously detected cyber attacks associated with nation-state threat actors homed in on public sector institutions, think tanks and other nonprofit organizations, Politico reported Tuesday.
The company said in its blog post published Monday that the hacking campaign also targeted research centers and companies in the chemical, oil and gas and hospitality sectors.
The attack started on Nov. 14 and zeroed in on organizations involved in policy development and particularly based in Washington, D.C.
Microsoft noted that the spear-phishing emails look like file-sharing notifications from OneDrive and that other companies linked the campaign to a threat actor, dubbed CozyBear or APT29, which is also associated with a group called YTTRIUM.
“While our fellow analysts make a compelling case, Microsoft does not yet believe that enough evidence exists to attribute this campaign to YTTRIUM,” according to the blog post.
The software company added that it has issued notifications to thousands of those email recipients in organizations targeted by the campaign.