Microsoft said Thursday that the group behind the SolarWinds cyber attack late last year is now targeting government agencies, think tanks and NGOs.
In a blog post, Microsoft said Russia's Nobelium had targeted some 3,000 email accounts at over 150 different organizations this week.
Microsoft added that U.S. organizations saw the largest share of attacks, but that victims in at least two dozen other countries were also targeted.
According to the blog post, at least a quarter of the targeted groups were involved in humanitarian work, human rights or international development.
The attacks started after Nobelium broke into an email marketing account used by the U.S. Agency for International Development.
From there it launched phishing attacks on many other organizations.
Back in December, the hack of IT company SolarWinds gave access to the thousands of companies and government offices that used its products.
Microsoft President Brad Smith called it "the largest and most sophisticated attack the world has ever seen".
The U.S. and Britain have accused Russian foreign intelligence of orchestrating the attack.
This month, Russia's spy chief denied any responsibility, but said he was "flattered" by the accusations.
Microsoft said this week's attacks appear to be intelligence gathering efforts targeting government agencies involved in foreign policy.
The company said it was in the process of notifying all of its targeted customers, and had "no reason to believe" these attacks involved any exploitation or vulnerability in its products or services.