Microsoft says the group behind the SolarWinds cyberattack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations.
Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.
The software giant said the latest wave of attacks had targeted approximately 3,000 email accounts at more than 150 different organisations.
Nobelium is also targeting victims in at least 24 countries with at least a quarter of the targeted organisations involved in international development, humanitarian issues and human rights work.
Nobelium launched the latest attacks by breaking into an email marketing account used by the US Agency for International Development.