Russian group behind SolarWinds hack shows up again

Sheila Zabeu -

May 28, 2021

The alert comes from Microsoft. Nobelium, the group responsible for attacks involving SolarWinds customers, carried out another phishing attack this week, this time against the US and foreign government agencies, NGOs, and think tanks using an email marketing account from the US Agency for International Development (USAID).

The wave of attacks targeted about 3,000 email accounts in more than 150 different organizations in 24 countries, predominantly the United States. According to Microsoft, these attacks appear to continue the group’s efforts to target government agencies for the purpose of gathering intelligence information.

The phishing emails sent by Nobelium contained a link that, when clicked, executed a file to distribute a backdoor called NativeZone. Through this entry, actions such as data theft and contamination of others on the network were carried out. According to Microsoft, this campaign differs significantly from the Nobelium operations conducted between September 2019 to January 2021. More details on this issue are available insecurity/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" target="_blank" rel="noopener"> a blog from the Microsoft Threat Intelligence Center (MSTIC).

In Microsoft’s view, it is clear that the Nobelium group’s aim is to gain access to major technology companies, infect their customers, and thus undermine confidence in the technology ecosystem. In the case of SolarWinds, it took advantage of software updates and has now used mass emails to attack humanitarian and human rights organizations.

Microsoft claims that many targeted attacks were blocked automatically. As a high volume of emails was distributed in this particular campaign conducted by Nobelium, most messages with malicious content were marked as spam. Furthermore, Microsoft points out that Windows Defender is able to block the malware involved in this attack. However, it recommends ways to mitigate the impacts of this attack also on the MSTIC blog.

Related Article

New Bluetooth vulnerability could break privacy
Sheila Zabeu -

November 25, 2022

Industry 4.0 Zero Trust strategies need to address OT environments
Sheila Zabeu -

November 14, 2022

segurança digital dos dados CISA presents cybersecurity targets for critical infrastructure
Sheila Zabeu -

November 03, 2022

Circuito e Bloqueio Google to improve software supply chain security
Sheila Zabeu -

November 03, 2022

European quantum communications network Europe to launch satellite for quantum cryptography
Sheila Zabeu -

October 18, 2022

Cyber Attack Senior leadership needs to be more engaged in cybersecurity strategies
Cristina De Luca -

October 13, 2022

Cloud Security Cloud security: whose responsibility is it?
Sheila Zabeu -

October 05, 2022

Security concept Your backlog of vulnerabilities could be in the thousands
Sheila Zabeu -

September 19, 2022

You need to subscribe, before you can post a message

Subscribe