Why companies should care about Nobelium
A new campaign by the Nobelium group, uncovered by the Microsoft Threat Intelligence Center (MSTIC), serves as a reminder to practitioners that malicious, Russia-related actors remain highly motivated to seek out new attack vectors as old ones are shut down.
At the end of June, Microsoft revealed that a customer service employee’s computer had been hacked. The intrusion eventually resulted in stolen customer data and in targeted attacks, so far on three organizations, that used password spraying and brute-force techniques against login servers.
The discovery came from the investigations Microsoft has been conducting into Nobelium, the group responsible for the attacks involving SolarWinds customers. According to Microsoft, affected or targeted customers have been alerted.
“The investigation is ongoing, but we have confirmed that our support agents are configured with the minimum set of permissions required as part of our Zero Trust approach to customer information. We are notifying all affected customers and helping them ensure their accounts remain secure,” Microsoft said in a statement.
It continues, “This type of activity is not new and we continue to recommend that everyone take security precautions, such as enabling multi-factor authentication to protect their environments from this and similar attacks. It reinforces the importance of security precautions best practices, such as zero-trust architecture and multifactor authentication, and their importance to everyone.”
According to Reuters, Microsoft revealed the attack publicly only after being asked about the notice sent to affected customers. A copy of the Microsoft notice to which Reuters had access during the second half of May states that the attacker belongs to the Nobelium group and could see billing information and what services customers were paying for, among other data.
Microsoft did not tell Reuters whether the customer service employee was an outsourced contractor or not. A spokesman said this incident is not part of Nobelium’s previous successful attack on Microsoft, through which attackers gained access to part of the company’s source code repository.
In the company’s view, the attack was part of a larger Nobelium campaign largely focused on IT companies and governments around the world. Almost half of the attempted attacks were against US-based organizations, around 10% in the UK and smaller numbers in Canada and Germany.
Microsoft has been talking a lot about security today, especially in relation to its upcoming Windows 11, as the company tries to make the case for requiring users to have specific hardware to upgrade.
The American Cybersecurity and Infrastructure Security Agency (CISA) provides the following list of best practices to strengthen the security of organizations.