Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations. Nobelium is also the group behind the Sunburst backdoor, Teardrop malware and GoldMax malware. The group historically has targeted a wide range of organizations, including government institutions, NGOs, think tanks, the military, IT service providers, health technology and research companies and groups. The targets in the latest attack, which is ongoing, are 3,000 individual accounts.
Source: https://threatpost.com/solarwinds-nobelium-phishing-attack-usaid/166531/