• by Ray Schultz , May 28, 2021

Material Security, a firm that says it protects email accounts from SolarWinds-type hacks, has raised $40 million in Series B funding, bringing its total financing to $62 million to date.

The news comes just as Microsoft reports that cyber criminals backed by Russia have launched another spear-phishing attack aimed at presumed opponents of Vladimir Putin.

“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” writes Tom Burt, corporate vice president customer security & trust for Microsoft, in a blog post.

Burt adds: “This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations.”

Nobelium launched the attacks by gaining access to the Constant Contact account of USAID.

“Constant Contact is a service used for email marketing,” Burt says. “From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone.”

He continues: "This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network."

Constant Contact comments as follows:

"We are aware that the account credentials of one of our customers were compromised and used by a malicious actor to access the customer’s Constant Contact accounts. This is an isolated incident, and we have temporarily disabled the impacted accounts while we work in cooperation with our customer, who is working with law enforcement."

Burt adds: "Many of the attacks targeting our customers were blocked automatically, and Windows Defender is blocking the malware involved in this attack. We’re also in the process of notifying all of our customers who have been targeted.” 

As for Material Security, its funding round was led by Elad Gil, the Silicon Valley investor behind Airbnb, Coinbase, Stripe and Square. Also participating were Andreessen Horowitz and several other tech investors. 

"In the last few months, we have seen the SolarWinds and Hafnium email breaches cost governments and private organizations billions of dollars as they seek to identify and undo malicious attacks," states Ryan Noon, CEO and cofounder, Material Security.

Noon continues: “As hackers continue to intensify their efforts, organizations must look beyond perimeter-only security – aka the beloved firewall – and extend zero trust security to every mailbox, protecting email before, during, and after everything from minor incidents to major breaches.”