In late May, Microsoft announced that Nobelium, the Russian-linked group identified as the Solarwinds culprit, has begun “targeting government agencies, think tanks, consultants and non-governmental organizations” in a “wave of attacks.”

Microsoft said the hackers gained access to an email marketing account of the U.S. Agency for International Development, and sent out phishing emails targeting about 3,000 email accounts at more than 150 different organizations.

Steven Adair, whose cybersecurity firm Volexity detected the attack, told NPR that the phishing emails purported to be about former President Donald Trump releasing documents related to election fraud. “They could launch another one of these attacks tomorrow,” Adair said.

The White House has downplayed the attack, saying that it thinks the U.S. government largely dodged the spear-phishing campaign, as the Associated Press reports. Principal deputy press secretary Karine Jean-Pierre said the attack had not changed plans for a June 16 summit between President Joe Biden and Russia’s Vladimir Putin.

The government in Moscow brushed off Microsoft’s announcement, reports ABC News. “It’s an abstract statement,” Kremlin spokesperson Dmitry Peskov claimed. “It’s like if we said we believe a large threat is coming from Microsoft and the software. It will be the same unfounded accusation.”

A USAID spokesperson told Law360 that the agency was running a forensic investigation and working with “all appropriate federal authorities.” A spokesperson for Constant Contact, the email marketing company used by USAID, reportedly described the events as “an isolated incident” and said affected accounts had been temporarily shut down.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency told USA Today: “We are aware of the potential compromise at USAID through an email marketing platform and are working with the FBI and USAID to better understand the extent of the compromise and assist potential victims.”